';*/ 


COMPUTER  SECURITY  IN  THE  UNIX  OPERATING  SYSTEM 
AND  THE  INGRES  DATA  BASE  MANAGEMENT  SYSTEM 

by 

LORI  LYNN  SABRACK 
B.A.  and  B.S.,  Miami  University,  1980 


A  MASTERS  THESIS 


submitted  in  partial  fulfillment  of  the 


requirements  for  the  degree 


MASTER  OF  SCIENCE 


Department  of  Computer  Science 


KANSAS  STATE  UNIVERSITY 
Manhattan,  Kansas 


1987 


Approved 


Dr. 


A.  Unger 


T4 

*     '  AlieD?    301b3M 

C^n  5C  CONTENTS 

nfl 

SZtZj  Chapter  1  -  Computer  Security 1 

/>  p  1.1   Introduction 1 

^  1.2  Computer  Security 1 

1.2.1  Background 1 

1.2.2  Types 2 

1.2.3  Issues 3 

1.3  UNIX 4 

1.3.1  Introduction 4 

1.3.2  File  System  Structure 4 

1.3.3  Security  Weaknesses  and  Strengths 5 

1.3.4  System  Administrator 7 

1 . 4  INGRES 7 

1.4.1  Introduction 7 

1.4.2  INGRES  Files 8 

1.4.3  Security  Weaknesses  and  Strengths 9 

1.4.4  INGRES  Implementation 10 

1.5  Commercial  Security  Methods  Available 11 

1.5.1  Introduction 11 

1.5.2  Netlock 11 

1.5.3  Memory  Cards 11 

1 . 6  Current  Security  Problem 12 

1 .  7  Remaining  Chapters 12 

Chapter  2  -  Requirements 13 

2. 1   Introduction 13 

2 .  2  General  Requirements 13 

2 .  3  Specific  Requirements 14 

2.3.1  Front  End  Processor  to  INGRES  Related  UNIX 
Commands 15 

2.3.2  Front  End  Processor  to  INGRES  Commands 15 

Chapter  3  -  Detailed  Design 16 

3 . 1  Introduction 16 

3 . 2  Interface  to  the  User 16 

3 .  3   UNIX  Commands 17 

3 . 4  Error  and  Interrupt  Handling 27 

3  .  5   Control  Flow 28 

3 .  6  Commands  Excluded 31 

Chapter  4  -  Implementation 32 

4 .  1   Introduction 32 

4 .  2  Variables 32 

4  .  3   Routines 33 

4.4   C  Programs 41 

Chapter  5  -  Conclusion 42 

-  i  - 


5  .  1   Summary 42 

5  .  2   Problems 42 

5 .  3  Further  Extensions 43 


11 


LIST  OF  FIGURES 

Figure  3-1.   Menu  of  INGRES  Related  UNIX  Commands 17 

Figure  3-2.   Options  for  creatdb  Command 19 

Figure  3-3.   Options  for  destroydb  Command 19 

Figure  3-4.   Options  for  helpr  Command 20 

Figure  3-5.   Options  for  ingres  Command 22 

Figure  3-6.   List  of  User's  Relations 23 

Figure  3-7.   Options  for  printr  Commands 24 

Figure  3-8 .   Options  for  purge  Command 25 

Figure  3-9.   Options  for  restore  Command 26 

Figure  3-10.   Options  for  sysmod  Command 26 

Figure  3-11 .   Relations  for  sysmod  Command 27 

Figure  3-12.   High  Level  Design  of  INGRES  related  UNIX 

Commands 29 

Figure  3-13.   Expanded  High  Level  Design  of  INGRES 

related  UNIX  Commands 30 

Figure  4-1.   Control  Flow  for  INGRES  Data  Base 

Commands 35 

Figure  4-2.   Control  Flow  for  INGRES  Relation 

Commands 36 

Figure  4-3.   User  Interface  and  File  Access 37 


111 


Chapter  1  -  Computer  Security 


1 . 1  Introduction 

Computer  Security  has  become  an  increasingly  important 
subject  in  today's  society  where  the  use  of  computers  has 
been  incorporated  either  directly  or  indirectly  in  all 
phases  of  everyday  life.  This  paper  addresses  current 
computer  security  breaches  as  well  as  methods  used  to 
enhance  computer  security.  The  INGRES  (INteractive  Graphics 
and  Retrieval  System)  Data  Base  Management  System  (DBMS) 
operating  under  the  UNIX*  operating  system  is  the  target  for 
security  enhancements  discussed  in  detail  in  this  paper  and 
the  one  implemented  at  Kansas  State  University.  In 
preparation  for  such  an  implementation,  INGRES,  UNIX  and 
their  relationship  are  discussed  in  terms  of  current 
security  measures,  strengths  and  weaknesses  and  an  example 
of  current  usage.  Finally,  suggestions  are  made  for  future 
possible  enhancements  to  help  eliminate  security  problems  in 
the  INGRES  environment . 

1 . 2  Computer  Security 

1.2.1  Background  The  technological  advances  that  have 
taken  place  in  the  area  of  computers  have  forced  computer 
security  to  expand.  In  the  early  systems,  users  had  access 
to  all  physical  resources  and  what  protection  that  did  exist 
on  the  machines  was  done  at  the  highest  level  although  most 
computation  was  done  at  a  much  lower  level.  As  the  early 
systems  matured,  there  was  a  need  for  users  to  share 
resources  as  machines  were  able  to  support  many  more  users 
and  a  variety  of  functions  such  as  information  processing 
and  computational  services.  In  addition  to  resource 
allocation  becoming  a  major  necessity,  it  was  becoming 
equally  evident  that  steps  toward  computer  security  and 
protection  were  very  much  a  concern.   [Dep79] 

Not  only  is  the  mere  increase  of  users  a  major  contributor 
to   the   growing   concern   of   computer   security,   but   the 


*  UNIX  is  a  trademark  of  Bell  Laboratories 
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capability  of  the  users  is  alarming.  The  Nihilist  Order,  a 
group  of  teen-age  computer  hackers  in  California,  has 
succeeded  in  breaking  into  computer  systems  and  successfully 
produced  lists  of  credit  cards  and  telephone  calling  card 
numbers.  The  impetus  behind  their  actions  is  more  a 
question  of  conquering  the  system  than  a  question  of  greed. 
The  status  gained  among  their  peers  is  the  reward.  Although 
computer  crime  consulting  firms  exist  to  search  out  such 
illegal  acts,  and  are  often  successful  at  preventing  hackers 
from  accessing  corporate  systems,  it  does  not  end  there. 
The  members  of  the  firm  are  then  frequently  harassed  as  the 
hackers  access  their  personal  numbers  in  an  attempt  to  get 
instant  revenge. 


The  actual  amount  of  both  users  and  criminals  indicates  that 
there  is  a  problem.  It  is  reported  by  the  Communications 
Fraud  Control  Association  that  hackers  are  responsible  for 
$500,000  worth  of  phone  fraud  per  year.  [C0I86]  In 
addition,  for  the  small  business  sector,  estimated  at  a 
total  of  16  million  installations  by  1986,  $300  million  is 
lost  in  fraud  every  year.  [Kat83,Nat85]  The  need  applies 
in  the  private  businesses  but  is  more  urgently  a  problem  in 
government  applications  as  they  traditionally  lag  behind. 
At  least  one-half  of  the  more  than  17,000  computers  in  the 
Department  of  Defense  (DOD)  need  stricter  access  controls. 
In  the  Fall  of  1985,  President  Reagan  signed  a  directive 
that  established  an  organization  that  is  responsible  for 
government  wide  computer  security  policies.  The  Computer 
Security  Center,  was  formed  to  serve  the  DOD  in  1981  and  now 
serves  on  a  national  level,  develops  standards  and 
demonstrates  methods  to  best  handle  various  security 
problems.  [Pet85]  It  is  clear  that  the  need  exists  for 
tighter  controls  and  that,  although  issues  are  being 
considered,  much  work  still  needs  to  be  done. 

1.2.2  Types  The  concept  of  computer  security  engulfs  many 
areas  of  risk  that  can  be  classified  into  the  6  categories 
described  here.  Natural  disasters  such  as  unexpected  power 
surges,  or  complete  power  outages,  can  threaten  secure  data, 
but  precautions  can  be  used  to  minimize  losses.  Complete 
sets  of  back-up  files  stored  on  tapes  or  disks  should  be 
made  regularly.  In  addition,  devices  to  prevent  loss  of 
data  on  magnetic  media  during  power  failures  should  be 
incorporated  along  with  emergency  generators  to  operate  air 
conditioning  units.  The  second  category,  labeled  as 
terrorism,  would  include  those  cases  where  the  actual 
destruction  of  data  is  involved  and  surveillance  equipment 
is  one  means  by  which  this  problem  can  be  attacked.   The 


-  3  - 


next  category,  theft  by  computer,  is  likely  to  be  the  most 
popular  security  risk.  This  includes  such  things  as 
stealing  copyrighted,  software  which  is  considerably  easier 
as  networks  become  more  popular.  [Kat83]  Also,  companies 
such  as  Central  Point  Software,  Inc.,  sell  lock-busting 
schemes  to  computer  owners  who  are  then  able  to  copy 
programs  such  as  LOTUS  1.2.3,  used  in  business  applications. 
Copying  of  software  is  illegal  unless  the  people  who  buy  the 
software  are  producing  back-up  copies  for  their  own  use.  It 
is  estimated,  however,  that  there  are  as  many  as  nine 
illegally  copied  versions  of  software  in  use  for  each 
legitimate  copy.  [Gra86]  Theft  would  also  include  the 
illegal  retrieving  or  modifying  of  data  bases,  such  as 
employee  records  or  bank  account  data.  Because  of  such 
intelligent  illegal  data  manipulations,  creative  and 
sophisticated  security  systems  are  emerging.  Another 
category  of  security  risk  is  weakness  in  software  design. 
The  duties  of  the  software  designer  are  numerous  and  often 
include  understanding  the  previously  manual  operations, 
understanding  the  capabilities  of  the  computer,  designing  a 
system  to  automate  those  manual  efforts  most  efficiently, 
writing  and  testing  computer  programs  to  accomplish  these 
tasks,  documenting  the  system,  training  customers  to 
properly  use  it  and  supporting  the  system.  This  long  list 
of  duties  allows  many  opportunities  for  a  weakness  to  be 
incorporated  and  security  can  be  threatened.  The  fifth 
category  includes  honest  errors  which  will  likely  always 
occur  but  which  may  be  minimized  through  better  verification 
and  testing  procedures.  [Kat83]  The  final  category  relates 
directly  to  the  hardware  rather  than  the  software.  Physical 
security,  including  locks  on  the  doors  to  the  computer  room, 
alarm  systems,  guards  and  fire  prevention,  must  be  a  serious 
consideration  as  access  to  the  actual  hardware  by 
unauthorized  personnel  may  be  a  risk  to  a  secure  system. 

1.2.3  Issues  As  has  been  discussed,  the  advent  of 
technological  advances  in  the  use  of  computers  has  created  a 
greater  need  for  security  and  protection  mechanisms. 
Several  issues  arise,  however,  when  discussing  the 
implementation  of  these  measures.  As  the  computer's 
capabilities  become  more  versatile,  more  first-time  users 
than  ever  are  accessing  computers  and  their  peripherals.  An 
extension  of  that  idea  indicates  that  more  word  processing 
is  currently  being  done  on  computers  which  indicates  that  a 
large  amount  of  classified  company  information  is  being 
processed  without  proper  security  controls.  One  of  the 
biggest  obstacles  in  computer  security  is  that  the  user  does 
not  practice  good  security  techniques.  For  example,  the 
misuse  of  passwords  is  prevalent  in  today's  systems  where 
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users  maintain  easy  to  determine  passwords,  share  them  with 
other  users  or  seldom  change  them.  The  log  on  procedure 
must  include  the  use  of  a  password,  but  it  must  be  safe  and 
simple  without  being  too  rigid,  or  ways  to  avoid  it  will  be 
developed.  There  are  two  basic  ways  in  which  to  handle 
password  distribution.  The  first  relies  on  the  user 
changing  his  own  password  which  often  leads  to  the  use  of  a 
common  word,  name  or  address  which  is  often  easily 
decipherable.  This  may  or  may  not  include  password  aging  by 
the  system  where  the  password  expires  and  must  be  changed  by 
the  user  after,  say,  30  days.  The  second  method  maintains 
that  the  system  is  responsible  for  distributing  new,  random 
passwords.  Concerns  here  are  that  this  may  not  be  a  secure 
and  rapid  means  and  that  passwords  generated  may  be 
difficult  to  remember.  In  addition,  there  is  little  to  no 
instruction  for  new  or,  for  that  matter,  existing  users  how 
to  best  handle  security  problems  and  there  is  a  reluctance 
in  naming  computer  security  officers  to  handle  such  tasks. 
Another  time-consuming  job  to  better  ensure  computer 
security,  although  it  is  often  bothersome,  is  the  making  of 
back-up  disks.  It  is  essential,  however,  to  maintain  these 
disks  as  theft,  human  errors  or  even  natural  disasters  can 
occur.  [Hig83]  Looking  more  into  the  internals,  the  need 
also  exists  for  security  modules  to  perform  in  the  same 
dynamic  way  as  application  programs.  They  must  be  able  to 
add,  delete  and  modify  users  to  secure  files  and  provide 
administrative  control  over  password  changes.  There  must 
also  be  an  effective,  prompt  way  in  which  to  report  security 
violations  as  they  occur.  An  audit  trail  of  all  recent 
transactions  is  often  a  means  of  helping  conduct  a  search 
for  wrongdoing. 

1 . 3   UNIX 

1.3.1  Introduction  The  UNIX  operating  system  developed  in 
the  late  1960 's  by  Bell  Laboratories,  although  not 
originally  developed  with  security  in  mind,  is  a  relatively 
secure  system.  It  allows  the  system  administrator  some 
flexibility  in  making  the  system  secure  or  not.  It  is, 
then,  the  administrator's  duty  to  find  the  balance  between 
an  environment  that  restricts  the  users  as  much  as  necessary 
and  one  in  which  users  share  data. 

1.3.2  File_System_Structure  The  UNIX  file  system  structure 
provides  the  hierarchically-organized  directories  and  files. 
Normally,  the  file  system  divides  each  disk  drive  into 
1024-byte  blocks  (although,  it  may  vary  between  512  and 
8192)  numbered  0  to  the  number  of  possible  blocks  on  that 
disk.    Block  zero  is  the  boot  block  and  is  not  used  by  the 
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file  system.  Block  one  is  the  super  block  which  contains 
the  size  of  the  disk,  and  the  sizes  of  the  two  remaining 
sections  of  the  disk.  The  next  section  is  the  i-list  which 
is  of  variable  length  and  contains  i-nodes.  An  i-node  is  a 
64-byte  table  containing  information  about  a  file  such  as 
it's  size,  owner  and  permissions,  whether  it  is  an  ordinary 
file,  directory  or  a  special  file.  In  addition,  the  i-node 
also  contains  the  disk  address  list  which  is  a  list  of  13 
block  numbers,  the  first  10  of  which  are  the  first  10  blocks 
of  the  file.  The  eleventh  block  number  gives  the  number  of 
a  block  that  contains  up  to  256  more  block  numbers  and 
similarly  for  the  twelfth  and  thirteenth  block  numbers. 
Although  this  would  allow  files  of  enormous  size,  UNIX 
places  a  more  practical  limit  on  the  maximum  size.  All 
devices,  as  well  as  files,  directories,  disks  and  memory, 
are  thought  of  as  files.  When  actions  are  requested  by 
programs  on  devices  files,  UNIX  translates  it  into  actions 
on  the  actual  devices.  This  results  in  the  devices  being 
treated  independently  as  files  which  enhances  security 
because  all  I/O  for  the  device  passes  through  channels  and 
users  cannot  access  the  devices  directly.   [Woo85] 

1.3.3  Security_Weaknesses_and_Strengths  UNIX      was 

developed,  as  were  most  systems,  before  the  recent  urge  to 
include  security  measures,  so  it  admittedly  has  some 
weaknesses  in  its  design.  Probably  the  biggest  flaw  UNIX 
has  is  in  crash  protection  or  in  the  handling  of  conditions 
on  the  machine  that  temporarily  cripple  the  system's 
operations.  The  culprit  here  is  the  lack  of  checking  for 
the  allocation  of  resources  and  exceeding  the  limits.  This 
can  result  in  disaster  for  the  system  if  done  by  a 
mischievous  user  or  even  malfunctioning  programs  and  there 
is  no  easy  solution.  It  is,  however,  relatively  easy  to 
determine  the  cause  of  the  disaster,  or  identify  the  culprit 
and  act  on  it.  In  the  case  of  unauthorized  users  accessing 
data,  the  degree  of  security  is  more  adequate.  Eleven  bits 
of  protection  information  along  with  a  user  identification 
number  and  a  user  group  number  (UID  and  GID)  are  associated 
with  each  UNIX  file.  Nine  bits  of  information  specify 
permission  to  read,  to  write  and  to  execute  the  file  to  the 
owner,  the  owner's  group  and  to  all  other  users.  In 
addition,  the  GID  and  UID  bits  allow  developers  to  write 
programs  which  will  be  executed  by  users  and  will  maintain 
files  accessible  to  users  only  by  that  program.  The  idea  of 
permission  bits  for  a  directory  has  slightly  different 
meaning  than  for  files.  If  a  user  has  permission  to  execute 
a  directory,  this  actually  means  permission  to  search  the 
directory  for  a  given  file  in  order  to  access  files  in  that 
directory.   Write  permission  of  a  directory  is  translated  to 
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mean  that  creation  and  deletion  of  files  may  take  place. 
[Rit83]  File  protection  information  can  be  modified  with 
the  three  commands  chown,  chmod  and  chgrp  which  determine 
who  may  read,  write  or  execute  the  file.  The  rm  command 
serves  to  delete  files  and,  although  it  will  ask  for 
confirmation  on  a  file  for  which  the  requester  does  not  have 
write  permission,  the  file  can  be  removed,  regardless  of  the 
mode  or  owner.   [Woo85] 


UNIX  maintains  a  single  user,  called  the  "super-user",  who 
has  the  ability  to  read  any  file  and  write  any  non- 
directory.  It  can  also  change  protection  modes,  owner  UID 
and  GID  bits  and  may  execute  privileged  system  calls.  Since 
so  much  power  is  given  to  one  user,  it  is  clear  that  this  is 
a  flaw  in  the  security  system. 


Another  means  exists  of  attaining  super-user  status.  After 
a  disk  pack  or  tape  has  been  mounted  as  a  file  system,  the 
system  will  accept  what  it  contains..  Therefore,  by  mounting 
a  device,  an  authorized  user  may  be  able  to  corrupt  a 
system.  Disallowing  the  mounting  capabilities  appears  to  be 
the  only  solution.   [Rit83] 


There  is  an  extension  to  the  file  protection  modes  that 
enhances  security.  The  umask  command  enables  users  to  allow 
their  files  to  be  as  accessible  by  others  as  they  wish.  All 
files  subsequently  created  are  given  permissions  based  on 
the  user's  default  creation  mask  and  can  be  specified  to  be 
as  lenient  or  strict  as  desired.  This  gives  an  individual 
the  ability  to  impose  a  restriction  on  the  users  of  its 
files. 


UNIX  also  maintains  a  crypt  command  that  affords  greater 
protection  using  an  encryption  mechanism.  A  key  is 
associated  with  the  scrambling  of  the  file  to  ensure  privacy 
and  both  the  command  and  the  key  are  again  used  to  decrypt 
the  file.  In  addition,  the  file  may  be  packed  before 
encrypting  which  will  serve  both  to  add  more  security  and 
save  space  by  using  file  compression. 

In  order  to  maintain  different  divisions  of  users,  groups 
are  used  to  logically  bind  users  together.  Passwords  can 
also  be  attached  to  groups  to  restrict  those  users  not  in 
the   group   from  changing  to   it.   The  newgrp  command  will 
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allow  this  change  to  the  restricted  group  only  if  the 
password  is  input  correctly. 


UNIX  performs  probably  better  than  most  systems  on  the  issue 
of  password  security.  Each  user  is  associated  with  a 
password  that  must  be  entered  (but  is  not  written  to  the 
user's  screen)  at  each  login  and  is  stored  in  encrypted 
form.   [Woo85] 

1.3.4  System_Administr at  or  The  System  Administrator  is 
responsible  for  taking  care  of  a  system  by  keeping 
unauthorized  people  off  the  system,  keeping  users  from 
accessing  each  others  sensitive  information,  preventing 
integrity  loss  and  denying  service  to  excessive  resource 
requests.  UNIX  offers  assistance  in  many  of  these  areas. 
Auditing  programs  can  be  found  in  UNIX  that  locate 
inconsistencies  and  security  violations.  They  check  such 
things  as  device  files,  system  files  writable  by  anyone, 
logins  without  passwords,  and  those  logins  that  have  not 
been  recently  used. 


Users  can  also  be  required  to  periodically  change  their 
passwords.  A  password  aging  technique  mandates  a  maximum 
number  of  weeks  that  the  password  is  valid  and  a  minimum 
number  of  weeks  that  must  transpire  before  the  password  may 
again  be  changed.  In  addition,  the  users  should  be  made 
aware  that  the  passwords  chosen  should  not  be  simple,  easy 
to  decipher  words  like  first  name,  birth  date  or  address. 
Users  should  also  be  made  aware  of  any  tools  used  to 
increase  security,  and  better  practices  to  avoid  corruption. 

1 . 4   INGRES 

1.4.1  Introduction  The  INGRES  DBMS  is  a  relational  data 
base  developed  at  the  University  of  California  at  Berkeley 
to  be  run  under  the  UNIX  operating  system.  Primarily 
programmed  in  C,  INGRES  allows  users  to  access  their  data 
which  is  represented  by  a  collection  of  tables  in  the  data 
base.  Users  are  able  to  interact  with  even  very  large  data 
bases  through  the  high-level  QUEry  Language  called  QUEL.  It 
is  a  powerful  calculus  based  language  that  allows  actions  to 
be  performed  on  a  data  base  based  on  arithmetic  functions, 
set  valued  functions  or  aggregate  functions.  [Hel75]  The 
output  is  in  table  form  and  examples  of  particular  functions 
include  create,  append,  delete,  and  replace  relations, 
permit  the  use  of  your  relation  for  other  users  and  define 
integrity  constraints   on   relations.    In  addition,  INGRES 
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controls  concurrency  so  that  many  users  can  access  a  data 
base  simultaneously  if  the  data  base  security  and  protection 
controls  allow  access.  To  load  or  unload  a  data  base  of  its 
data,  utilities  are  provided,  and  system  resources  are  also 
monitored  to  provide  better  control  and  performance.  INGRES 
maintains  an  integrated  data  dictionary  that  contains  all 
system  information,  such  as  the  tables  defined  and  the 
column  names  associated  with  those  tables. 


The  underlying  problem  with  designing  relational  data  bases 
is  that  users  must  decide  what  data  must  be  represented  in 
their  data  bases  and,  once  accomplished,  may  result  in 
several  possible  representations  which  can  lead  to 
inconsistencies  in  the  data  base.  This,  however,  merely 
requires  that  the  design  of  the  data  base  be  studied  and 
chosen  efficiently.   [Row82] 

1.4.2  INGRES_Files  When  installing  INGRES,  the  user  must 
first  define  an  INGRES  "super-user",  called  ingres,  on  the 
machine  who  will  ultimately  own  all  of  the  INGRES  data  bases 
and  all  of  the  running  software.  After  logging  in  as  that 
user,  the  INGRES  tapes  are  copied  in  and  can  be  run  from  the 
parent  directory  of  the  user  ingres  (denoted  by  .../)  chosen 
by  the  system  administrator.  There  is  a  collection  of 
programs  in  ... /bin  which  are  executed  by  the  INGRES 
programs,  a  library  used  to  compile  user  programs  and  a 
concurrency  device  to  be  installed  in  the  kernel.  The 
directories  necessary  for  proper  execution  of  INGRES 
(located  in  .../)  are: 

bin  binary  files  constituting  INGRES 

files  files  used  by  INGRES 

data/base  data  bases  created  by  users 

demo  demonstration  package 

The  files  under  . . . /data/base  are  files  created  at  the  time 
each  data  base  is  created.  They  are  of  four  types.  An 
administration  file  contains  the  initialization  information 
and  the  user  identification  of  the  data  base  administrator 
(DBA).  The  system  relations  files  have  predefined  names  and 
are  owned  by  the  DBA.  There  are  6  of  these  system  relation 
files  or  catalogs  for  every  data  base  on  the  system.  They 
contain  information  relating  to  each  tuple  in  the  data  base, 
individual  domains  of  every  relation  and  secondary  indices 
in  the  data  base.  Also  there  are  two  catalogs,  protection 
and  integrity,  that  store  the  respective  constraints  for 
each  relation.  The  third  type  of  file  created  for  each  data 
base  stores  protection  predicates  specified  by  the  DBA  to 
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authorize  accessibility  to  data  bases.  There  are  also  other 
files  created  that  are  not  shared  by  the  DBA  and  serve  as 
temporary  storage  files.  Additional,  but  unnecessary, 
directories  for  minimally  using  INGRES  that  are  given  to  the 
user  on  the  INGRES  tape  are: 

doc         documentation 

lib         object  file  libraries 

source       INGRES  system  source  code 

A  "users"  file  is  maintained  by  INGRES  and  contains 
information  regarding  the  name,  identification  number, 
status  and  permission  rights  of  each  user.  An  INGRES  user 
must  be  entered  into  this  file  which  can  be  thought  of  as 
similar  to  the  UNIX  /etc/passwd  file.  [A1181] 

1.4.3  Security_Weaknesses_and_Strengths  A  definite  need 
for  data  base  protection  exists  because  it  is  estimated  that 
85%  of  all  computer  activity  involves  data  handling.  Much 
of  this  handled  data  is  sensitive  and  unauthorized  data 
access  could  be  extremely  serious.  The  longer  the  wait  to 
solve  the  security  problem,  the  less  likely  it  will  be  that 
cost  effective  solutions  will  be  available. 


One  approach  to  the  problem  uses  kernel  architecture  whereby 
all  functions  pertinent  to  security  are  included  in  the 
kernel  while  all  functions  that  are  not  important  are 
excluded.  It  is  not  yet  clear  that  a  kernel  design  for 
secure  data  management  will  minimize  the  amount  of  code 
involved  in  protection  and  still  allow  all  the  necessary 
functions  of  data  independence,  good  performance,  flexible 
reorganization  and  sophisticated  query  language  to  continue. 
The  major  reason  for  instituting  a  kernel  architecture  was 
the  difficulty  in  program  verification  for  large  pieces  of 
code.  The  design  was  applied  to  INGRES  because  of  its 
availability  in  both  the  particular  development  and 
university  environments,  its  structured  programming,  and  its 
ease  in  the  retrofitting  procedure  since  it  was  a  relational 
model.  The  conclusions  found  from  this  implementation  were 
that  the  retrofit  was  done  rather  easily,  however,  other 
functions  of  a  DBMS  affecting  security,  such  as  back-up 
recovery,  and  a  general  security  policy  were  not  included. 
This  method  met  with  arguments  from  one  of  the  key  persons 
responsible  for  developing  INGRES,  Michael  Stonebraker,  as 
to  its  feasibility.   [Dow79] 
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The  standard  INGRES  DBMS  makes  use  of  the  UNIX  file 
protection  method  in  its  handling  of  data  bases  as  files. 
When  INGRES  is  initialized  on  a  system  and  the  user  ingres 
is  created,  any  data  base  creations  form  files  listed  in 
.../data/bases.  These  files  list  ingres  as  the  owner  and 
the  actual  creator  of  the  data  base  (the  user  who  called 
"ingres"  and  the  "creatdb"  UNIX  commands)  is  listed  in  these 
files  as  the  DBA  for  all  future  references.  This  is  done 
through  the  use  of  the  UNIX  sticky  bit,  whereby  the  user's 
effective  ID  is  set  to  ingres,  so  any  files  created  at  this 
point  will  belong  to  ingres  and,  in  this  case,  with  an 
"owner  read,  owner  write,  no  other  access"  permission. 
Therefore,  these  files  cannot  be  modified  or  even  perused  by 
anyone  other  than  the  DBA,  ingres  and  the  system's  super- 
user.  In  this  way,  it  is  difficult  to  access  an  INGRES  data 
base  other  than  to  execute  "ingres".   [Sto76] 

By  the  use  of  some  QUEL  commands ,  however ,  a  DBA  can  add 
permissions  for  users  to  retrieve,  replace,  delete  or  append 
relations.  The  use  of  these  commands,  then,  automatically 
creates  the  possibility  of  security  problems.  The  more 
users  given  access  to  a  data  base,  the  greater  the 
possibility  that  the  data  base  can  be  corrupted  by  an 
unauthorized  user.  A  command  to  be  used  by  the  DBA  is  also 
available  to  clean  up  temporary  system  relations,  remove 
extraneous  files  and  either  report  on  or  destroy  expired 
relations.  This  helps  keep  a  more  secure  data  base  as 
unnecessary  information  is  discarded.  [Sie85] 

1.4.4  INGRES ^Implementation  The  Comprehensive  Epilepsy 
Program  (CEP)  which  began  in  1980  in  California  was  able  to 
handle  all  aspects  of  data  management  and  analysis. 
Flexibility  and  generality  in  the  operations  of  the 
facilities  were  important  since  CEP  is  composed  of  several 
groups  ranging  from  social  science  research  to  biomedical 
research.  The  needs  of  the  facility  in  the  area  of  data 
handling  included: 

a.  data  input  must  be  fast  and  precise;  a 
variety  of  forms  must  be  acceptable  and 
a  large  volume  of  data  was  to  be 
expected. 

b.  different  forms  containing  information 
about  the  same  patient  must  be 
organized  easily  and  properly  into  the 
data  base. 
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c.   transferring  of  data  to  and  from  the 
DBMS   to  analysis  programs  must  be 
relatively  easy  to  do. 
The  INGRES  DBMS  was  chosen  to  be  used  and  it  was  found  to  be 
reasonably  flexible,   its  input   and  output  could  be  sent 
directly  to  other  UNIX  programs  via  the   "pipe"   capability, 
however,   the  users  found  the  command  language  QUEL  to  be 
somewhat  difficult  to  use  and  not  very  "user-friendly" .   The 
data  base  security  never  seemed  to  .become  a  problem  in  this 
environment ,  but  rather  it  was  the  communication  of  the 
employees  at  the  data  handling  center  of  the  CEP  with  the 
other  areas  that  was  the  problem.   [Gre85] 

1 . 5   Commercial  Security  Methods  Available 

1.5.1  Introduction  The  current  solutions  to  security 
problems  are  more  commonly  including  a  combination  of 
software  and  hardware.  An  additional  peripheral  is  included 
that  must  communicate  with  the  software  in  order  to  better 
protect  the  system. 

1.5.2  Net  lock  One  example  of  a  new  hardware  peripheral  is 
the  Netlock  System  by  Datakey,  Inc.  which  is  a  security 
device  allowing  customer  control  over  remote  access  to  host 
computers.  The  Netlock  authenticates  the  remote  users' 
access  and  is  able  to  determine  who  is  trying  to  access  the 
system  and  from  where.  The  Netlock  system  consists  of  an 
intelligent  box  that  accepts  a  physical  key  from  the  user. 
The  key  is  encrypted  with  information  determining  what 
access  that  user  has  on  the  system.  The  key's  contents  are 
read,  and,  based  on  those  readings,  access  into  the  system 
is  granted  or  denied.  This  system  may  be  particularly 
helpful  in  a  network  environment ,  although  it  can  also  be 
used  to  "lock"  users  from  particular  features  or,  in  this 
case,  data  bases.  The  software  must  be  modified  to  validate 
the  key's  information  and  determine  if  accessibility  should 
be  granted.  This  may  not  be  an  extremely  feasible  solution 
to  the  data  base  security  problem,  but  it  may  be  a  viable 
product  for  other  security  problems.   [Dat85] 

1.5.3  Memory _Cards  Similar  to  the  Netlock  implementation, 
memory  cards  are  used  to  verify  a  user's  capability  to 
access  a  particular  entity.  That  entity  can  be  a  bit  of 
information,  a  file  or  an  entire  machine.  The  current 
generation  of  cards,  typically  taking  the  shape  of  a  credit 
card,  contains  both  a  microprocessor  and  memory  to  provide 
encryption  and  adequate  storage  of  access  information. 
Again  this  may  not  be  a  feasible  solution  to  this  security 
concern,  but  it  will  likely  have  many  applications.   [Fis85] 
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1 . 6  Current  Security  Problem 

Given  the  above  information,  the  problem  exists  whereby  an 
unauthorized  user  may  be  able  to  access  highly  sensitive 
data  in  a  particular  data  base.  If  a  user  is  able  to  create 
relations  in  a  data  base  and  disable  all  permissions,  the 
data  is  thought  to  be  secure.  If,  however,  other 
unauthorized  users  are  able  to  illegally  and  rather  easily 
acquire  passwords  which  allow  them  access  to  such  data 
bases,  added  security  measures  are  necessary.  Although 
INGRES  maintains  certain  security  measures,  additional  steps 
must  be  taken.  The  implementation  discussed  in  this  paper 
enhances  INGRES  security  by  placing  another  security  measure 
on  the  data  bases. 

1 . 7  Remaining  Chapters 

The  remainder  of  this  paper  deals  with  the  implementation  of 
additional  security  measures  to  the  INGRES  DBMS  at  Kansas 
State  University.  Chapter  2  supplies  both  the  general  and 
specific  requirements  of  the  implementation.  Following  in 
Chapter  3  is  the  Design  and  Chapter  4  is  the  actual  code 
constituting  the  implementation.  Chapter  5  then  deals  with 
future  possible  work  in  computer  security  and  a  conclusion 
of  the  paper. 
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Chapter  2  -  Requirements 


2 . 1  Introduction 

The  current  security  measures  of  the  INGRES  DBMS,  although 
adequate  for  most  data  bases,  can  be  enhanced  by  an 
inquiring  front  end  program.  The  need  exists,  especially  at 
an  institution  like  Kansas  State  University,  for  those  data 
bases  that  have  highly  privileged  information  such  as  grades 
and  personal  records. 

2.2  General  Requirements 

Although  permission  can  be  granted  or  denied  on  a  relation 
basis  in  INGRES,  the  opportunity  exists  whereby  an 
unauthorized  user  may  be  able  to  either  log  into  the  system 
as  another  user,  or  modify  the  file  permissions  of  the 
relations  and  view  the  data.  This  type  of  illegal  retrieval 
of  the  data  in  INGRES  data  bases  must  be  eliminated.  Since 
INGRES  uses  the  UNIX  file  protection  system,  read  and  write 
permission  is  granted  only  to  "ingres"  who  is  the  owner  of 
all  data  base  files.  To  legally  manipulate  or  peruse  the 
data  base,  the  user  must  be  the  Data  Base  Administrator 
(DBA)  or  an  authorized  user  given  permission  by  the  DBA. 
This  means  of  protection,  however,  does  not  discourage  those 
users  who  are  determined  to  gain  the  information.  Via 
programs  written  to  access  user's  passwords,  ill-gotten 
logins  can  be  used.  An  example  of  such  a  program,  called 
'su'  (which  stands  for  super-user),  taken  from  [Woo85]  is 
the  following  shell  routine  that  can  reside  in  a  directory 
where  the  su  (normally  found  in  /bin)  command  may  be  run: 

stty  -echo 

echo  "Password:  \c" 

read  X 

echo  " " 

stty  echo 

echo  $1  $X  i  mail  outside ! creep  # 

sleep  1 

echo  Sorry 

rm  su 

This  program  is  called  by  a  user  entering  su  expecting  to 
become  the  super-user  of  the  system.  This  user  is  then 
prompted  for  a  password,  however,  echo  to  the  terminal  has 
been  turned  off,  so  it  does  not  appear  on  the  screen.   After 
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the  password  has  been  entered  by  the  user,  it  is  mailed  to 
'creep';  the  program  sleeps  for  1  second  and  responds 
'Sorry'  to  the  user.  The  user  just  assumes  that  they  have 
mistyped  the  password  and  try  'su'  again.  This  'su'  program 
has  since  removed  itself,  however,  and  the  user's  next  call 
to  'su'  is  to  the  correct  system  program.  With  programs 
such  as  the  above  'su'  command  in  existence,  it  is  necessary 
to  take  all  precautions  with  password  safety,  however, 
additional  measures  must  be  incorporated  to  eliminate  data 
theft  and  corruption  as  much  as  possible. 

2 . 3  Specific  Requirements 

The  INGRES  DBMS  data  manipulations  are  based  on  two  kinds  of 
commands,  UNIX  and  QUEry  Language  (QUEL).  The  following  is 
a  list  of  the  different  commands  and  a  brief  description  of 
what  they  do : 

UNIX  Commands 
copydb  -  create  batch  files  to  copy  out  a  data  base  and 

restore  it. 
creatdb  -  create  a  data  base, 
destroydb  -  destroy  an  existing  data  base, 
equel  -  embedded  QUEL  interface  to  C  (???). 
helpr  -  get  information  about  a  data  base, 
ingres  -  INGRES  relational  data  base  management  system, 
printr  -  print  relations. 

purge  -  destroy  all  expired  and  temporary  relations, 
restore  -  recover  from  an  INGRES  or  UNIX  crash, 
sysmod  -  modify  system  relations  to  predetermined 

storage  structures, 
usersetup  -  setup  users  file. 


QUEL  Commands 
append  -  append  tuples  to  a  relation, 
copy  -  copy  data  into/from  a  relation  from/into  a  UNIX 

file, 
create  -  create  a  new  relation, 
define  -  define  a  subschema, 
delete  -  delete  tuples  from  a  relation, 
destroy  -  destroy  existing  relation(s). 
help  -  get  information  about  how  to  use  INGRES  or  about 

relations  in  the  data  base, 
index  -  create  a  secondary  index  on  an  existing 

relation, 
integrity  -  define  integrity  constraints, 
modify  -  convert  the  storage  structure  of  a  relation, 
permit  -  add  permissions  to  a  relation. 
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print  -  print  relations. 

range  -  declare  a  variable  to  range  over  a  relation. 

replace  -  replace  values  of  domains  in  a  relation. 

retrieve  -  retrieve  tuples  from  a  relation. 

save  -  save  a  relation  until  a  specified  date. 

view  -  define  a  virtual  relation. 

These  command  interface  directly  with  the  data  bases 
according  to  permissions  stored  in  administration  files  kept 
on  each  data  base. 

2.3.1  Front_End_Processor_to_INGRES_RelatedJ7NIX_Commands 
The  UNIX  commands  that  manipulate  INGRES  data  bases  must 
further  protect  the  data  by  validating  authorized  users  via 
data  base  keys.  This  is  mainly  needed  in  the  'printr' 
command  where  permissions  are  necessary  to  access  the  data. 
All  permission  data  should  then  be  done  on  the  relation 
level  thus  continuing  to  allow  every  INGRES  user  the  ability 
to  create  data  bases,  purge  their  old  relations,  modify 
their  contents  or  structures  and  destroy  them.  These  INGRES 
related  UNIZ  commands,  however,  must  be  run  by  a  command 
processor  that  will  be  in  a  menu  format .  Based  on  the 
command  chosen,  the  additional  security  measure  should  also 
occur . 

2.3.2  Front_End_Processor_to_INGRES_Commands  The  INGRES 
commands  listed  above  are  responsible  for  modifying  or 
deleting  existing  relations  and  should  include  additional 
protection  mechanisms  to  ensure  that  only  legitimate, 
authorized  persons  are  accessing  the  data  bases.  This  front 
end  processor  will  be  incorporated  in  the  UNIZ  front  end 
processor  within  the  INGRES  command  call.  It  must  also  be 
accessible  by  executing  another  command  that  would  handle 
only  INGRES  QUEL  commands.  A  mere  validation  of  the  user 
identification  number  is  insufficient  as  password  stealing 
is  common.  Any  of  the  above  commands  for  which  permission 
is  necessary  must  then  first  be  validated  for  that  user's 
current  knowledge  of  the  relation's  key.  If  the  accurate 
information  cannot  be  given,  access  to  that  relation  must  be 
denied.  When  creating  a  relation,  however,  the  user  should 
be  given  the  option  to  associate  it  with  a  key  or  not.  If 
the  protection  of  the  data  is  critical,  a  key  must  be  given; 
otherwise,  the  omission  of  the  key  may  allow  unauthorized 
users  to  gain  access  to  the  data.  In  this  way,  all 
operations  such  as  append,  destroy,  delete,  permit,  print, 
retrieve,  and  performing  operations  on  relations  must  be 
validated  as  to  the  user's  current  knowledge  of  the  key  to 
that  relation  before  modification. 
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Chapter  3  -  Detailed  Design 


3 . 1   Introduction 


The  INGRES  DBMS  includes  a  few  UNIX  commands  that  deal,  for 
the  most  part,  with  the  data  bases  as  a  whole  and  are  more 
frequently  used  by  either  the  DBA  or  the  INGRES  super-user, 
ingres.  In  addition,  there  are  INGRES  commands,  initiated 
by  first  calling  the  UNIX  command  "ingres",  that  operate  on 
specific  data  base  relations  and  tuples  within  those 
relations.  The  design  discussed  in  this  chapter  is  for  an 
implementation  of  an  inquiring  front  end  through  which  the 
INGRES  UNIX  commands  and  the  INGRES  QUEL  commands  must  be 
executed.  In  the  following  sections  each  of  the  INGRES 
related  UNIX  commands  will  be  described  and  their  design 
will  be  addressed.  In  addition,  the  control  flow  of  the 
implementation  and  some  other  considerations  are  discussed. 

3 . 2   Interface  to  the  User 

The  INGRES  inquiring  front  end  is  a  menu  driven  interface 
between  the  user  and  all  INGRES  related  commands.  By 
executing  the  command  "newingres" ,  the  user  is  supplied  with 
a  list  of  options  as  to  which  command  to  execute.  The 
format  of  that  menu  is  as  appears  in  Figure  3-1. 
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Below  are  the  INGRES  related  UNIX  commands  available: 

1)  CHANGEKEY  -  change  a  relation's  key. 

2)  COPYDB  -  create  batch  files  to  copy  out  a 

data  base  and  restore  it . 

3)  CREATDB  -  create  a  data  base. 

4)  DESTROYDB  -  destroy  an  existing  data  base. 

5)  HELPR  -  get  information  about  a  data  base. 

6)  INGRES  -  INGRES  relational  data  base  management 

system. 

7)  LISTREL  -  list  relations  a  user  has  access  to  in 

a  certain  data  base. 

8)  PRINTR  -  print  relations. 

9)  PURGE  -  destroy  expired  and  temporary  relations. 

10)  RESTORE  -  recover  from  an  INGRES  or  UNIX  crash. 

11)  SYSMOD  -  modify  system  relations  to  predetermined 

storage  structures. 

12)  EXIT  -  exit  from  this  user's  session. 

Please  Enter  COMMAND  NAME  or  NUMBER  or  '?'  for  Help: 
Figure  3-1.   Menu  of  INGRES  Related  UNIX  Commands 


The  user  can  then  access  any  of  the  commands  by  entering  the 
correct  command  number  and  will  then  be  prompted  for  the 
information  needed  for  that  command.  The  user  may  continue 
to  enter  command  numbers  and  execute  INGRES  commands  until 
all  data  base  work  is  accomplished.  This  may  include,  for 
example,  creating  one  data  base,  executing  QUEL  commands  on 
yet  another  data  base,  and  destroying  yet  a  third  data  base. 
In  this  way,  the  user  has  flexibility  to  request  one  command 
and,  when  complete,  continue  with  another.  Exiting  the 
front  end  processor  is  a  valid  command  and  must  be  entered 
when  the  INGRES  work  session  is  to  be  terminated.  Below  are 
descriptions  and  designs  of  all  of  the  other  valid  commands 
that  may  be  executed  by  the  INGRES  front  end. 

3 . 3   UNIX  Commands 

The  INGRES  related  UNIX  commands  generally  revolve  around 
the  maintenance  of  the  databases,  and,  therefore,  in  the 
case  of  each  of  the  commands  described  below,  the  user  is 
first  prompted  for  the  data  base  name  on  which  the  user 
wishes  to  work.  Following  is  a  listing  of  each  of  the 
INGRES  related  UNIX  commands  accompanied  by  a  brief 
description  and  explanation  of  design. 
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3.3.1  An  added  command,  "changekey",  is  executable  by 
INGRES  users  via  the  front  end  processor.  "Changekey" 
allows  the  DBA  to  change  the  key  of  an  encrypted  relation  or 
apply  a  key  to  a  previously  unencrypted  relation.  The  user 
is  prompted  for  the  relation  name  and  the  old  key,  if 
applicable.  The  new  key  is  requested  and,  after  having  been 
input,  is  requested  again  to  verify  the  appropriate  key. 
The  relation  is  then  encrypted  using  the  new  key,  and  the 
decrypted  file  is  removed. 

3.3.2  The  "copydb"  command  will  create  batch  files,  copy. in 
and  copy. out,  for  a  particular  data  base,  which  will  create 
a  copy  of  a  data  base  or  restore  it  after  destruction.  If 
this  command  is  chosen,  the  front  end  processor  will  prompt 
the  user  for  the  full  path  name  of  the  directory  where  the 
two  files  are  to  be  created.  In  addition,  the  user  will  be 
asked  if  this  is  to  be  done  on  specific  relations  or  on  all 
relations  owned  by  the  user.  If  any  of  the  relations 
specified  have  been  previously  encrypted  using  the  INGRES 
"create"  command  or  the  UNIX  "changekey"  command,  the  user 
will  now  be  prompted  for  the  key  to  that  specific  relation. 
The  front  end  processor  will  then  decrypt  the  relation  using 
the  supplied  key  and  will  continue  with  the  next  encrypted 
relation,  if  applicable.  If  the  user  supplies  an  incorrect 
key,  they  will  be  alerted  by  a  standard  error  message  that 
the  particular  relation  could  not  be  decrypted  because  the 
key  was  incorrect  and  that  if  access  to  that  relation  is 
still  desired,  the  user  must  begin  again.  The  user  will 
also  be  prompted  as  to  whether  or  not  the  -u  option  is  to  be 
specified  when  calling  "copydb".  This  option  allows  the 
user  to  run  "copydb"  with  a  different  user  identification, 
and,  although  it  allows  successful  creation  of  the  copy 
files,  it  does  not  imply  that  the  user  can  necessarily 
access  the  specified  relations.  The  UNIX  command  "copydb" 
is  then  executed  by  the  front  end  processor  and  following 
successful  completion,  the  previously  decrypted  files  will 
be  encrypted  to  restore  the  relations  to  their  original 
state. 

3.3.3  The  "creatdb"  command  allows  an  INGRES  user  to  create 
a  new  data  base  or  modify  the  status  of  an  existing  data 
base.  In  the  first  case,  the  person  executing  the  command 
becomes  the  DBA  of  the  newly  created  data  base;  in  the 
second  case,  the  user  must  be  the  DBA.  Several  options  are 
also  offered  with  this  command  to  specify  such  things  as 
concurrency  control  schemes  or  query  modification.  After 
choosing  "creatdb"  via  the  front  end  processor  menu 
discussed  above,  another  submenu  is  displayed  to  the  user  to 
specify  the  desired  options  as  shown  in  Figure  3-2. 
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creatdb  options 

1)  -uname  =  specify  a  different  DBA  called  'name'. 

2)  -e  =  modify  options  for  an  existing  database. 

3)  -m  =  specifies  that  the  UNIX  directory  in  which 

the  data  base  is  to  reside 
already  exists. 

4)  +/-c  =  turns  on  (+)  or  off  (-)  the  concurrency 

control  scheme. 

5)  +  /-q  =  turns  on  (+)  or  off  (-)  query  modification. 

6)  EXIT  =  exit  from  this  option  session. 

Please  enter  the  number  of  the  option  desired: 
Figure  3-2.   Options  for  creatdb  Command 


The  user  is  then  able  to  specify  options  and  the  front  end 
processor  will  formulate  a  command  and  execute  it. 

3.3.4  The  "destroydb"  command  allows  either  the  DBA  or  the 
INGRES  super-user,  Ingres,  to  remove  all  references  and  all 
related  files  of  an  existing  data  base.  After  the  user  has 
input  the  data  base  name  according  to  the  front  end 
processor's  request,  a  menu  is  supplied,  as  shown  in  Figure 
3-3,  to  allow  the  user  to  specify  that  the  UNIX  directory 
storing  all  of  the  data  base  files  should  not  be  removed. 
Following  the  option  selection,  the  "destroydb"  command  will 
be  executed  and  the  data  base  removed. 

destroydb   options 

1)  -s  =  INGRES  superuser  must  use  this  to 

execute  destroydb. 

2)  -m  =  specifies  that  the  UNIX  directory  in 

which  the  data  base  resides 
is  not  to  be  removed. 

3)  EXIT  =  exit  from  this  option  session. 

Please  enter  the  number  of  the  option  desired: 
Figure  3-3.   Options  for  destroydb  Command 
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3.3.5  To  give  information  about  a  specified  relatione s)  in 
a  particular  data  base,  the  "helpr"  command  is  used.  After 
the  user  has  input  the  data  base  name,  the  front  end 
processor  will  prompt  the  user  for  relation  names  for  which 
help  is  requested.  In  addition,  prior  to  completing  the 
"helpr"  command,  the  user  may  specify  an  option  based  on  the 
menu  in  Figure  3-4. 

helpr  options 

1)  -uname  =  specify  a  different  DBA  called  'name'. 

2)  +/-w  =  wait /do  not  wait  for  the  data  base. 

3)  EXIT  =  exit  from  this  option  session. 

Please  enter  the  number  of  the  option  desired: 
Figure  3-4.   Options  for  helpr  Command 


3.3.6  If  the  command  "ingres"  is  requested,  the  user  will 
be  prompted  for  the  data  base  name  and  the  relations  on 
which  work  is  to  be  done.  The  user  will  no  longer  have 
direct  access  to  the  "ingres"  command  which  will  enforce  an 
added  layer  of  security.  Instead,  the  only  access  to  INGRES 
commands  will  be  through  the  front  end  processor, 
"newingres",  and  specifying  the  command  "ingres"  from  the 
menu  or  by  executing  compiled  EQUEL  programs  to  be  discussed 
below.  The  validation  checks  done  by  this  front  end 
processor  will  monitor  and  prevent  the  unauthorized  use  of 
privileged  data  bases.  After  the  relation  names  on  which 
the  user  requests  work  to  be  done  have  been  gathered,  a  list 
is  formed  to  determine  the  following: 

a.  that  the  user  has  been  given  permission 
by  the  DBA  to  view  the  specified  data 
base  relations.  This  information  is 
stored  in  an  INGRES  administration 
relation  kept  in  the  data  base's 
directory. 

b.  if  any  of  the  requested  relations  are 
encrypted.  When  a  relation  is  created, 
the  user  will  have  the  opportunity, 
prior  to  exiting  the  command  processor, 
of  having  that  relation  encrypted  to 
provide  further   security  control.   A 
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list  of  those  encrypted  relations 
within  the  data  base  will  be  maintained 
by  the  command  processor  in  a  file 
called  ".crypt"  located  in  each  data 
base  directory.  This  file  will  only  be 
accessible  by  this  command. 

An  error  message  will  be  output  if  a  user  requests  a 
relation  that  does  not  exist .  However,  if  the  relation  does 
exist,  the  user  has  access  permission,  and  it  is  encrypted, 
the  user  will  then  be  prompted  for  the  key  for  decrypting 
the  data  base  relation.  The  encrypted  relation  is  stored  in 
the  data  base  directory  in  a  file  by  the  same  name  as  the 
relation  name  which  is  how  unencrypted  data  base  relations 
are  currently  maintained  by  INGRES.  The  encrypted  relation 
will  then  be  decrypted  into  a  temporary  file  and  copied  into 
the  relation  name  file  in  the  data  base  directory  in  order 
that  all  INGRES  commands  will  operate  successfully.  After 
the  relations  have  been  decrypted,  the  front  end  processor 
provides  an  option  menu  to  the  user  in  the  form  of  Figure 
3-5. 
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ingres   options 

1)  +/-U  =  enable /disable  direct  update  of  the 

system  relations  and  secondary  indices. 

2)  -uname  =  specify  a  different  DBA  called  'name'. 

3)  -cN  =  set  the  minimum  field  width  for  printing 

character  domains  to  N. 

4)  -ilN  =  set  integer  output  field  width  to  N. 

5)  -flxM.N  =  set  floating  point  output  field 

width  to  M  characters  with  N 
decimal  places. 

6)  -vX  =  set  the  column  separator  for  retrieves  to 

the  terminal  and  print  commands  to  be  X. 

7)  -rM  =  set  modify  mode  on  the  retrieve  command 

to  M. 

8)  -nM  =  set  modify  mode  on  the  index  command  to  M. 

9)  +  /-a  =  set/clear  the  autoclear  option  in  the 

terminal  mode. 

10)  +/-b  =  set/reset  batch  update. 

11)  +/-d  =  print/do  not  print  the  dayfile. 

12)  +/-s  =  print /do  not  print  any  of  the  monitor 

messages,  including  prompts. 

13)  +/-w  =  wait /do  not  wait  for  the  database. 

14)  EXIT  =  exit  from  this  option  session. 

Please  enter  the  number  of  the  option  desired: 
Figure  3-5.   Options  for  ingres  Command 


The  "ingres"  command  is  then  executed  by  the  front  end 
processor  passing  the  data  base  name  and  any  other 
appropriate  parameters.  When  the  "ingres"  command  has 
completed  (the  user  has  entered  "\q"  or  "<cntl  d>" 
signifying  termination  of  INGRES  and  QUEL  data  base 
manipulations),  the  command  processor  will  finish  any  duties 
necessary.  If  relations  had  been  decrypted  prior  to  calling 
"ingres",  they  will  now  be  encrypted  using  the  same  key. 
The  decrypted  file  will  be  unlinked,  so  that  access  to  the 
legible  file  is  impossible.  If,  however,  a  decrypted  file 
of  a  previously  known  relation  does  not  exist,  it  likely 
means  that  a  "delete"  (to  delete  a  relation)  command  was 
executed.  In  this  case,  the  front  end  processor  will  verify 
in  the  "admin"  (administration)  relation,  located  in  each 
data  base  directory,  that  the  relation  does  not  exist.  Also 
a  check  is  made  against  all  of  the  relations  in  the  data 
base  versus  those  that  existed  prior  to  the  "ingres"  call  to 
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determine  if  any  new  data  bases  were  created.  If  "create" 
was  executed  to  create  a  new  relation,  the  command  processor 
will  ask  the  user  if  this  new  relation  should  be  encrypted 
and,  if  so,  what  is  the  key.  After  the  user  has  input  the 
key,  they  are  again  prompted  for  it  to  ensure  that  typing 
mistakes  were  not  made.  The  relation  will  then  be  encrypted 
and  the  original  file  storing  the  relation  will  be  unlinked. 

3.3.7  The  "listrel"  command  enables  an  INGRES  user  to 
determine  to  which  relations  in  a  given  data  base  access  has 
been  given.  In  addition,  it  will  be  indicated  on  the  output 
whether  or  not  the  listed  relation  has  been  encrypted  by  the 
DBA  determining  that  any  user  must  also  know  the  key  in 
order  to  execute  any  command  on  that  relation.  An  example 
of  output  from  this  command  is  shown  in  Figure  3-6. 

User  Name :   sabrack 

Data  Base  Name:      employee 

Relation  Name  Relation  Name 

managers  first_shift 

second_shift  third_shift 

overtime*  payroll* 

family_info*  previous_exp 

dept_to_mgrs  equipment 


*  indicates  that  the  relation  is  encrypted. 
Figure  3-6.   List  of  User's  Relations 


3.3.8  The  "printr"  command  prints  specified  relations  out 
of  the  particular  data  base.  Therefore,  after  the  data  base 
name  has  been  retrieved,  the  front  end  processor  requests 
the  relation(s)  which  are  to  be  printed.  In  addition,  the 
user  will  be  prompted  for  the  keys  if  the  relation  has  been 
encrypted  and  the  relation  will  be  decrypted  based  on  these 
keys.  Flags  are  also  accepted  with  this  command  and  are 
shown  to  the  user  as  in  Figure  3-7.  The  command  is  then 
executed  and  the  user  is  returned  to  the  front  end  command 
menu. 
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printr   options 

1)  -uname  =  specify  a  different  DBA  called  'name'. 

2)  -cN  =  set  the  minimum  field  width  for  printing 

3)  -ilN  =  set  integer  output  field  width 

to  N. 

4)  -flxM.N  =  set  floating  point  output  field 

width  to  M  characters  with  N 
decimal  places . 

5)  -vX  =  set  the  column  separator  for  retrieves  to 

the  terminal  and  print  commands  to  be  X. 

6)  +/-w  =  wait /do  not  wait  for  the  database. 

7)  EXIT  =  exit  from  this  option  session. 

Please  enter  the  number  of  the  command  desired: 
Figure  3-7.   Options  for  printr  Commands 


3.3.9  "Purge"  allows  the  DBA  or  the  INGRES  super-user  to 
purge  all  expired  and  temporary  relations.  In  the  case  of 
this  command,  a  user  may  or  may  not  specify  a  data  base 
name.  If  one  is  not  given,  all  of  the  data  bases  for  which 
the  user  is  the  DBA  or,  if  the  user  is  ingres  and  the  -s 
option  is  chosen,  all  data  bases  will  be  purged.  Therefore, 
the  front  end  processor  will  request  that  a  particular  data 
base  name  or  'all'  be  specified.  The  user  will  then  be 
shown  the  flag  menu  as  listed  in  Figure  3-8  and  the 
appropriate  command  will  be  executed.  NOTE:  If  the  -f  flag 
is  used,  the  .crypt  files,  which  store  the  names  of  the 
encrypted  relations  in  the  data  base,  may  be  removed. 
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purge   options 

1)  -p  =  expired  user  relations  are  deleted. 

2)  -f  =  causes  unrecognizable  files  to  be  deleted. 

3)  -a  =  causes  messages  to  be  printed  about  the 

pending  operation  and  execute  it  only 
if  the  response  is  a  'y'. 

4)  -s  =  INGRES  superuser  must  use  this  to 

execute  purge. 

5)  +/-w  =  wait /do  not  wait  for  the  database. 

6)  EXIT  =  exit  from  this  option  session. 

Please  enter  the  number  of  the  option  desired: 
Figure  3-8.   Options  for  purge  Command 


3.3.10  The  "restore"  command  enables  either  the  DBA  for  a 
data  base  or  the  INGRES  super-user  to  recover  a  data  base 
after  an  INGRES  or  UNIX  crash.  Similar  to  the  "purge" 
command  above,  either  a  particular  data  base  is  specified  or 
all  data  bases  for  which  the  user  is  the  DBA  or,  if  the  -s 
option  is  specified  in  the  menu  below  by  ingres,  all  data 
bases  will  be  restored.  Once  again  the  options  appear  to 
the  user  as  in  Figure  3-9  and,  upon  completion  of  the  user 
requests,  the  command  is  executed  to  restore  the  requested 
data  base(s).  NOTE:  If  the  restore  command  executes  with 
no  errors,  the  purge  command  is  executed.  If  the  -f  flag  is 
used,  the  .crypt  files  which  store  the  names  of  the 
encrypted  relations  in  the  data  base  may  be  removed. 
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restore   options 

1)  -p  =  if  restore  completes  with  no  errors, 

purge  is  called  and  expired  user 
relations  are  deleted. 

2)  -f  =  if  restore  completes  with  no  errors, 

purge  is  called  and  unrecognizable 
files  will  be  deleted. 

3)  -a  =  causes  messages  to  be  printed  about  the 

pending  operation  and  execute  it  only 
if  the  response  is  a  'y'. 

4)  -s  =  INGRES  superuser  must  use  this  to 

execute  restore. 

5)  +/-w  =  wait /do  not  wait  for  the  database. 

6)  EXIT  =  exit  from  this  option  session. 

Please  enter  the  number  of  the  option  desired: 
Figure  3-9.   Options  for  restore  Command 


3.3.11  In  order  for  a  DBA  to  modify  its  data  base's  system 
relations  or  for  the  super-user,  ingres,  to  modify  any  data 
base's  system  relations,  the  command  "sysmod"  must  be 
executed.  Figures  3-10  and  3-11  specify  the  screen  output 
to  the  user  to  specify  options  and  which  system  relations  to 
modify  to  gain  maximum  access  performance  when  running 
INGRES. 

sysmod   options 

1)  -s  =  INGRES  superuser  must  use  this  to 

execute  sysmod. 

2)  +/-w  =  wait /do  not  wait  for  the  database. 

3)  EXIT  =  exit  from  this  option  session. 

Please  enter  the  number  of  the  option  desired: 
Figure  3-10.   Options  for  sysmod  Command 
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sysmod  relations 

1)  relation 

2)  attribute 

3)  indexes 

4)  tree 

5)  protect 

6)  integrities 

7)  EXIT  =  exit  from  this  option  session. 

Please  enter  the  number  of  the  relation  desired: 
Figure  3-11.   Relations  for  sysmod  Command 


3.4  Error  and  Interrupt  Handling 

An  error  handling  routine  will  be  called  in  the  case  of 
system  errors  or  non-recoverable  errors  by  the  user.  This 
will  normally  terminate  the  "newingres"  command.  Sometimes, 
however,  it  may  only  cause  the  current  command  to  be 
terminated  and  further  execution  of  the  INGRES  commands  may 
continue.  Interrupts  such  as  a  hang  up  of  the  terminal,  a 
delete  of  the  command  or  a  power  fail  may  cause  momentary  or 
complete  disruption  of  the  command.  If  the  command  is 
terminated,  however,  an  interrupt  handling  routine  will  be 
called  first  to  clean  up  all  residue  of  previous  calls. 
This  would  include  the  encrypting  of  any  previously 
decrypted  relations  and  the  removal  of  those  decrypted 
relation's  files.  In  this  way,  an  interrupted  INGRES 
session  is  not  susceptible  to  data  theft  or  corruption  by 
unauthorized  users.  Specific  error  messages  and  their 
meanings  include  the  following: 

a.  ERROR:   Wrong  Key  Given! 

The  key  that  was  input  was  incorrect . 
If  access  to  the  relation  is  still 
desired,  it  will  be  necessary  to  begin 
the  command  again.  This  may  be  output 
during  any  of  the  commands  "copydb", 
"ingres",  or  "printr". 

b.  ERROR:   Invalid  Data  Base  Name! 

A  data  base  name  exceeding  14 
characters  was  entered.  The  user  will 
then  be  prompted  for  a  valid  data  base 
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name . 

c.  ERROR:   Data  Base  Does  Not  Exist! 

The  data  base  requested,  by  the  user 
does  not  exist . 

d.  ERROR:   Relation  Does  Not  Exist! 

The  relation  requested  by  the  user  via 
the  "ingres"  command  does  not  exist  in 
this  data  base. 

e.  ERROR:   System  Call  Failed! 

A  system  call  such  as  a  create,  open, 
read  or  write  of  a  file  has  failed. 
This  may  occur  if  too  many  files  were 
open  at  a  time  or  if  there  was  a  system 
overload  and  the  command  could  not  be 
executed. 

f.  ERROR:  Key  will  not  be  added/ changed! 
The  user  failed  to  accurately  input  the 
new  key  for  a  relation,  given  two 
chances  to  do  so.  Therefore,  at  this 
time,  the  key  will  not  be  added  or 
modified  for  this  relation. 

3 . 5  Control  Flow 

The  general  control  flow  in  this  design  travels  from  the 
main  command  processor  of  the  INGRES  front  end  to  the 
particular  command  chosen  and  then  back  to  the  main  command 
processor  as  shown  in  Figure  3-12.  A  more  specific  look  at 
the  detailed  design  results  in  flow  which  appears  much  like 
Figure  3-13.  Although  the  menu  acting  as  the  command 
processor  is  still  shown  as  both  the  start  and  the  end  of  a 
particular  cycle  of  a  command,  the  functions  between  are 
more  detailed.  The  data  base  name  must  first  be  entered 
and,  depending  on  the  command,  relations  must  then  be 
gathered,  keys  must  be  requested,  and  relations  are 
decrypted.  Finally,  in  all  cases,  except  listing  of  a  users 
relations,  a  particular  command  menu  is  generated  to  allow 
the  user  to  choose  options  specific  to  that  command  and  then 
the  execution  of  that  command  by  the  front  end  processor 
follows. 
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3 . 6   Commands  Excluded 

Some  considerations  exist  that  prohibit  the  inclusion  of  two 
INGRES  related  UNIX  commands  in  this  front  end  processor. 

3.6.1  The  UNIX  command  "usersetup"  reads  and  reformats  the 
/etc/passwd  file  to  create  a  new  file  which  becomes  the 
INGRES  users  file  kept  in  /usr/ingres/files/users.  This 
command  is  executed  only  once  to  initially  create  the  users 
file,  therefore,  it  was  felt  that  it's  inclusion  in  this 
command  processor  would  be  unnecessary.  It  is  hoped  that  at 
some  time  the  "usersetup"  command  will  be  capable  of  also 
updating  or  modifying  the  users  file  with  new  or  changed 
users  as  listed  in  the  password  file,  but  until  that  time, 
it  will  be  omitted  from  this  processor. 

3.6.2  The  "equel"  command  provides  a  user  with  a  way  of 
interfacing  the  C  programming  language  with  INGRES.  It  is 
comprised  of  the  EQUEL  pre-compiler  and  the  EQUEL  runtime 
library.  Because  it's  product  is  actually  executable  C  code 
with  Embedded  QUEL  statements,  it  cannot  feasibly  be 
included  in  this  INGRES  front  end  processor.  The  compiled 
code  may  be  executed  outside  the  realms  of  this  INGRES  front 
end,  and,  therefore,  the  decryption  of  the  used  relations  is 
impossible  prior  to  the  call  to  the  EQUEL  program.  The 
encryption  mechanism  utilized  in  this  implementation  does, 
however,  guarantee  that  use  of  protected  and  encrypted 
relations  will  not  be  successfully  included  in  the  EQUEL 
programs  as  access  to  the  relations  cannot  properly  be 
accomplished. 
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Chapter  4  -  Implementation 


4 . 1  Introduction 

The  INGRES  front  end  processor  deals  with  the  various  UNIX 
commands  that  manipulate  the  data  bases  and  their  relations. 
This  chapter  deals  with  the  implementation  of  that  processor 
and  describes  the  routines  and  global  variables  involved. 
The  actual  C  code  for  the  implementation  is  included  in 
Appendix  A. 

4 . 2  Variables 

Several  global  variables  are  needed  to  implement  the  INGRES 
front  end  processor  as  many  routines  are  involved  in  either 
manipulating  them  or  reading  them  and  processing  other  data 
based  on  their  values.  The  following  is  a  list  of  those 
variables  and  a  brief  explanation  of  their  use. 

1.  cryptfile  -  A  character  array  that 
holds  the  full  path  name  of  the 
".crypt"  file  in  the  data  base's 
directory. 

2.  relname  -  A  character  array  that  holds 
the  full  path  name  of  the  relation  that 
is  currently  being  worked  on. 

3.  dbname  -  A  character  array  holding  the 
full  path  name  of  the  current  data  base 
being  worked  on. 

4.  database  -  The  name  of  the  data  base 
being  worked  on.  This  is  used  to 
construct  file  paths  for  the  ".crypt" 
file  and  the  temporary  file  created  to 
store  the  encrypted  or  decrypted  data 
base  prior  to  moving  it  to  it's 
destination  file. 

5.  files  -  An  array  of  character  pointers 
pointing  to  the  list  of  relations  that 
are  encrypted  and  that  the  user  has 
requested  work  on. 
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6.  keys  -  An  array  of  character  pointers 
pointing  to  the  list  of  encryption  keys 
that  the  user  has  requested  work  on. 
These  are  the  actual  user  keys  that 
have  been  encrypted  and  are  stored  in 
the  ".crypt"  file  in  their  encrypted 
form. 

7.  errno  -  An  integer  used  to  determine 
the  reason  for  an  error  in  system 
calls. 

8.  newkey  -  A  pointer  to  a  character 
string  that  holds  the  new  key  for  the 
relation  currently  being  worked  on. 

9.  cfd  -  The  file  descriptor  of  the 
".crypt"  file  in  the  current  working 
data  base. 

10.  placenum  -  An  integer  used  as  a  place 
holder  in  the  ".crypt"  file  to 
determine  which  relation  within  the 
file  is  currently  being  worked  on. 

11.  crkey  -  A  structure  composed  of  a 
character  array  that  is  long  enough  to 
store  the  key  resulting  from  the  UNIX 
"makekey"  function.  The  output  of  the 
call  is  placed  in  a  file  that  is  then 
read  based  on  this  structure. 

12.  cr  -  A  structure  composed  of  two  arrays 
of  character  pointers.  One  array 
points  to  the  names  of  the  relations 
that  have  been  encrypted  in  the  data 
base  and  the  other  array  points  to  the 
encrypted  keys  of  each  of  those 
relations.  This  is  the  structure  used 
in  building  and  reading  the  ".crypt" 
file  in  each  data  base  directory. 

4 . 3  Routines 

The  commands  discussed  in  Chapter  3  require  several  routines 
to  handle  things  such  as  prompting  the  user  for  the  data 
base  name  and  handling  system  errors  or  interrupts.  Figures 
4-1,  4-2,  and  4-3  exhibit  the  flow  of  control  within  this 
implementation.   The  INGRES  related  UNIX  commands  that  will 
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entail  only  prompting  the  user  for  information  and  building 
a  command  line  are  highlighted  in  Figure  4-1.  Most  of  these 
commands  deal  with  the  data  base  as  a  whole.  The  circle 
named  "actual  operations  on  data  bases  and  relations"  is 
expanded  in  Figure  4-2.  It  displays  the  interaction  between 
the  routine  necessary  to  handle  those  INGRES  commands  that 
work  with  the  relations  of  a  data  base.  The  bubble  titled 
"routines  for  INGRES  data  base  commands"  includes  those 
highlighted  in  the  previous  Figure.  Figure  4-3  displays  the 
user  interface  and  file  access  necessary  in  this 
implementation.  The  prompts  deal  mainly  with  relation  names 
and  keys  and  the  files  are  used  to  manipulate  those  keys  in 
encrypting  and  decrypting  those  relations.  Below  are  brief 
explanations  that  further  define  all  of  the  routines  that 
appear  in  these  Figures. 
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4.3.1  The  checking  for  the  user's  command  request  is 
accomplished  in  the  main()  routine.  The  input  can  either  be 
the  number  associated  with  the  command  in  the  help  menu,  or 
it  can  be  the  name  of  the  command  itself.  This  allows 
flexibility  in  parsing  user  input . 

4.3.2  The  menuQ  routine  prints  the  help  menu  to  the  user 
with  a  listing  of  valid  commands  and  a  brief  description  of 
the  function  of  the  command.  It  completes  by  asking  the 
user  to  input  the  command  name  or  number  selected. 

4.3.3  After  the  valid  command  has  been  input,  the 
checkpickO  routine  will  do  the  high  level  processing  of  the 
command.  The  major  responsibility  of  this  routine  is  to 
call  other  routines  to  accomplish  the  set  up  necessary  to 
execute  any  of  the  commands . 

4.3.4  The  getdbnameO  routine  is  responsible  for  prompting 
the  user  for  a  data  base  name  on  which  to  work.  The  syntax 
for  a  valid  data  base  name  is  checked  by  ensuring  only  names 
of  14  or  fewer  characters  are  input.  In  addition,  a  check 
is  made  to  validate  that  it  is  indeed  an  existing  data  base. 
Otherwise,  an  error  message,  "ERROR:  Data  Base  Does  Not 
Exist ! "  will  be  output  and  the  user  is  asked  to  input 
another  data  base  name.  Input  of  three  consecutive  invalid 
data  base  names  will  result  in  prompting  for  another 
command . 

4.3.5  The  user  must  be  prompted  for  one  or  more  relations 
in  the  majority  of  the  commands.  Therefore,  the 
getrelnameO  routine  will  accept  as  a  parameter  an  "s"  or 
"»"  for  a  single  relation  or  multiple  relations. 
GetrelnameO  prompts  the  user  for  a  relation  name  and,  based 
on  another  parameter  ("e"  for  an  existing  relation  or  "n" 
for  a  new  relation),  it  will  do  one  of  the  following: 

1.  verify  that  the  relation  exists;  scan 
the  ".crypt"  file  (lists  of  all  of  the 
encrypted  relations  in  that  data  base) 
in  the  data  base's  directory  and 
determine  if  the  given  relation  appears 
there.  If  it  is  listed,  return  to  the 
calling  routine  that  this  relation  is 
encrypted. 

2.  verify  that  the  relation  does  not 
exist;  place  this  relation  name  on  a 
"newrelation"  list  to  be  used  after  the 
"Ingres"   call   to   verify  all  new 
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relations  and  ask  the  user  if  a  key 
should  he  applied. 

3.  return  an  error  if  the  relation  does 
not  exist  or  if  a  system  call  failed. 

4.  return  to  the  calling  program  since  the 
user  has  completed  the  list  of 
relations  to  be  worked  on. 

4.3.6  The  getoldkeyO  routine  is  called  when  an  encrypted 
relation  is  to  he  decrypted  and  the  user  must  first  be 
prompted  for  the  appropriate  key.  Echo  will  be  turned  off 
on  the  user's  terminal  in  order  that  the  response  to  the 
prompting  for  the  key  cannot  be  viewed.  This  key  will  then 
be  used  to  create  an  encryption  key  to  be  stored  in  the 
".crypt"  file  in  the  data  base's  directory  with  the 
relation's  name.  This  implementation  is  similar  to  the  way 
in  which  passwords  are  maintained  in  the  UNIX  password  file. 
The  user  inputs  a  password  (or  key);  it  is  then  encrypted 
using  the  "makekey"  UNIX  function  (which  generates 
encryption  keys)  and  is  stored  in  it's  encrypted  form.  The 
output  of  the  "makekey"  command  is  redirected  to  a  file  and 
then  read  and  stored  as  that  relation's  key.  When  the 
user's  response  to  "What  is  your  old  key?"  is  received,  it 
is  sent  to  the  makekey  command;  an  encryption  key  is 
generated  and  is  compared  to  that  encryption  key  stored  in 
the  ".crypt"  file.  Therefore,  the  keys  themselves  are  not 
stored  in  any  file  in  raw  form,  but  rather  their  encrypted 
form  is  saved  and  used  for  comparisons.  In  this  way  proper 
control  of  the  keys  is  maintained.  This  routine  will  output 
an  error  that  the  wrong  key  was  given  if  it  is  incorrect  and 
the  user  will  be  prompted  for  another  command  on  which  to 
work. 

4.3.7  The  user  is  asked,  within  the  getnewkeyO  routine,  to 
enter  the  new  key  for  encrypting  a  relation.  It  is  called 
when  a  new  relation  is  created  or  when  a  DBA  decides  to  add 
or  change  the  encryption  key  for  an  existing  relation.  Echo 
will  be  turned  off  on  the  user ' s  terminal  in  order  that  the 
response  to  the  prompting  for  the  key  cannot  be  viewed.  The 
user  will  be  asked  to  input  the  key  twice  to  ensure  that 
typing  mistakes  do  not  occur.  If  the  key  is  not  entered 
identically  twice  in  a  row,  the  user  is  given  another  chance 
to  input  it  twice.  After  the  second  try,  this  routine  will 
respond  that,  at  this  time,  the  key  will  not  be  added  or 
changed.  Within  this  routine  the  encrypt_relations( ) 
routine  is  called  to  encrypt  the  given  relation  with  the 
newly  input  key.   After  the  encryption  takes  place,  the  new 
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key  is  input  to  the  UNIX  "makekey"  command  and  the  result  is 
is  stored  in  the  ".crypt"  file  to  be  used  for  comparison 
purposes  the  next  time  that  relation  is  accessed. 

4.3.8  Given  the  key  retrieved  in  the  above  routine,  the 
encrypt_relations( )  routine  will  actually  encrypt  the  given 
relation.  It  will  use  the  "crypt"  UNIX  command  to  encrypt 
the  relation  and  place  the  newly  encrypted  file  in  a 
temporary  file  (called  .temper  in  the  data  base  directory) 
and  then  move  it  back  into  it's  original  file  in  the  data 
base  directory  which  is  named  the  same  as  the  relation  name. 

4.3.9  The  decrypt ()  routine  does  the  opposite  of  the  above 
routine.  It  is  called  by  getoldkeyO  once  it  is  determined 
from  the  user  the  appropriate  key  for  this  relation.  It 
then  will  decrypt  the  relation  stored  in  the  data  base 
directory  under  the  relation  name  and  place  it  in  a 
temporary  file.  It  will  then  move  that  temporary  file  back 
into  the  file  which  is  the  same  as  the  relation  name. 

4.3.10  The  build_exec()  routine  will  formulate  the  command 
that  is  to  be  executed  and  will  then  do  so.  Upon  successful 
completion,  it  will  return  to  the  main  menu  for  another 
command  to  be  worked  on. 

4.3.11  A  routine  called  syserr()  is  responsible  for 
producing  a  message  when  a  system  call  has  failed.  It  will 
print  out  a  number  associated  with  a  particular  place  in  the 
code  for  debugging  purposes. 

4.3.12  The  interrupt_handler()  will  handle  the  cases  when 
an  interrupt  is  received  and  clean  up  work  is  necessary. 
The  relations  that  have  been  decrypted  must  be  encrypted 
before  the  program  terminates  and  this  routine  is 
responsible  for  handling  this. 

4.3.13  The  user  must  be  able  to  view  the  list  of  relations 
for  which  he  has  access  permission  and  the  listrelO  routine 
performs  this  function.  In  addition,  it  will  flag  those 
relations  that  are  encrypted  in  the  output . 

4.3.14  The  addareK)  routine  will  add  a  relation  to  the 
encrypted  relation  file  (".crypt")  in  the  data  base's 
directory.  This  is  necessary  either  when  a  DBA  decides  to 
add  a  key  to  an  existing  relation  via  the  "changekey" 
command  or  if  a  new  relation  is  created  via -the  "ingres" 
command. 
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4.3.15  Each  of  the  Figures  noted  in  Chapter  3  is  generated 
by  routines  to  accept  the  response  of  the  user  based  on  the 
desired  option  or  command.  Certain  help  commands  are  also 
available  to  give  the  user  more  information  about  the 
command . 

4.4   C  Programs 

The  above  description  of  implementation  was  programmed  using 
the  C  Programming  Language  and  the  UNIX  Operating  System. 
The  actual  modules  comprising  the  implementation  can  be 
found  in  Appendix  A. 
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Chapter  5  -  Conclusion 


5 . 1   Summary 

The  subject  of  computer  security,  in  light  of  today's  wide 
use  of  computers,  and  the  vast  amount  of  data  stored  on 
them,  has  become  critical.  This  paper  has  taken  a  brief 
look  at  the  UNIX  operating  system  environment  and  certain 
security  strengths  and  weaknesses  it  possesses.  Items  such 
as  password  aging  were  suggested  as  ways  to  enhance  security 
on  an  existing  system.  The  INGRES  DBMS  was  also  discussed 
and,  based  on  the  interaction  between  the  two,  an  inquiring 
INGRES  front  end  was  designed  and  implemented.  It  enables 
users  to  encrypt  data  base  relations  that  may  contain  very 
sensitive  data.  This  may  have  particular  importance  at  an 
institution  like  Kansas  State  University  for  student  data, 
personnel  records  and  grades.  By  utilizing  this  menu  driven 
system,  an  INGRES  user  can  access  INGRES  commands  and  data 
bases  and  strengthen  the  security  that  exists.  A  user  is 
asked  to  input  a  key  in  order  to  access  a  particular 
relation  of  a  data  base  if  it  was  encrypted  on  creation. 
This  is  a  decision  of  the  DBA  based  on  the  value  of  the  data 
that  the  relation  contains.  The  keys  are  maintained  on  the 
system  similar  to  the  way  in  which  the  passwords  for  the 
users  are.  After  the  user  inputs  a  key,  the  key  is 
encrypted  and  stored  in  its  encrypted  form.  The  next  time 
access  to  that  relation  is  necessary,  the  key  is  again 
prompted  for,  encrypted  and  compared  to  the  stored  value. 
In  addition  to  added  security  for  the  data  base  information, 
the  INGRES  front  end  processor  creates  a  more  user  friendly 
environment .  Menus  are  printed  that  display  parameters  sent 
to  the  various  routines  and  give  a  brief  explanation  of 
their  use.  This  allows  new  users  to  feel  more  comfortable 
with  using  the  INGRES  DBMS. 

5 . 2   Problems 

During  the  design  and  development  of  the  implementation  of 
the  inquiring  INGRES  front  end,  some  problems  arose.  In 
order  to  serve  as  a  front  end  with  no  modification  to  INGRES 
code,  it  was  necessary  to  demand  relation  names  prior  to  the 
actual  execution  of  the  INGRES  commands.  If  work  is  to  be 
done  on  a  series  of  protected  and  encrypted  relations,  this 
could  be  time  consuming  and  an  irritant  to  the  user.  Likely 
the  best  implementation  of  a  more  secure  INGRES  DBMS  would 
have  been  to  include  such  implementation  within  the  existing 
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INGRES  code.  It  was  decided  in  this  implementation, 
however,  not  to  do  so.  Also,  extra  overhead  results  from 
system  calls  necessary  to  encrypt  and  decrypt  both  the 
relations  and  keys.  This  will  not  be  a  significant  problem 
here  at  Kansas  State  University,  however,  based  on  the  only 
moderate  use  of  INGRES.  The  inclusion  of  the  EQUEL  command 
in  the  list  of  possible  commands  executed  by  the  front  end 
processor  was  prohibited  due  to  the  availability  of 
executing  EQUEL  programs  outside  of  this  front  end 
environment.  QUEL  statements  are  embedded  within  a  C 
program  and  are  compiled  and  executable  by  the  user  at  any 
time.  This  implementation,  however,  does  prohibit  users 
from  accessing  encrypted  relations  via  EQUEL  programs  as  the 
relations  are  not  readable. 

5 . 3  Further  Extensions 

Based  on  the  problem  discovered  with  the  EQUEL  programming 
environment,  it  would  be  beneficial  to  amend  this  inquiring 
front  end  and  include  support  for  EQUEL  programs.  This  may 
be  possible  by  forcing  EQUEL  programs  to  include  certain 
routines  which  would  be  responsible  for  handling  all 
encryption/decryption  algorithms.  Without  the  user 
interface,  however,  this  problem  becomes  more  significant. 
Another  possible  enhancement  to  the  INGRES  DBMS  security 
system  is  the  possibility  of  hashing  or  encrypting  entire 
relations  and/or  data  bases  and  storing  them  under  different 
names  so  that  files  could  not  maliciously  be  tampered  with. 
This  may  impede  the  less  serious  threats,  although  total 
penetration  of  security  is  always  possible. 
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Application  Code 
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jjf  i  nc  I  ude  <std  i  o.  h> 

# include  <sys/types . h> 

| i  nc I ude  <sys/s  i  gna I . h> 

#  i  nc  I ude  <sys/f  i I e . h> 

^include  "stot.h" 

#i  nc I ude  <er rno. h> 

| i nc I ude  "defines. h" 

|define  quote  "\"" 


char 

i 


I; 


•cmd[] 

"ch", 
"  I  i "  , 


"co" , 
"pr", 


"cr", 
"pu", 


-de' 
"re' 


/•  List  of  Available  Valid  Commands*/ 


"he",  "in", 
"sy",  "ex",  8, 


char  cryptf i le[PATHLENGTH] ; 
char  relname[PATHLENGTH]; 
chor  f i lename[PATHLENGTH]; 
char  namebuf [PATHLENGTH]; 
char  name[PATHLENGTH]; 


/•  Holds  the  full  path  name  of  the  •/ 
/•  . crypt  file.  •/ 

/•  Holds  the  full  path  name  of  the  •/ 
/•  relation  name.  •/ 

/•  Holds  the  path  name  of  the  •/ 
/•  temporary  file  for  encrypting.  «/ 
/•  Holds  the  full  path  of  the  •/ 
/•  relation  name.  •/ 

/*  Holds  the  name  of  the  relation, 
of  the     • 


char  fina I  name [MAXREL] [PATHLENGTH] ;/•  Holds  the  final  name 

/*  relation. 

/ 
/ 


char  j unk Is [PATHLENGTH] ; 
char  I  sit [PATHLENGTH]; 
char  dbname [PATHLENGTH] ; 


the 


char  database[DBLENGTH]; 
char  f i I es [MAXREL] [DBLENGTH] 


nt  plocefMAXREL]; 
total enc ; 


int 


the 


that 
are 


•/ 
■/ 

'/ 
'/ 
the 
'/ 


Holds  the  Is  command  of 

re  I  at  ion  name.  •/ 

/•  Stores  the  Is  command  of  the     •/ 

re  I  at  ion. 

Holds  the  full  path  name  of 

data  base  being  worked  on. 

Holds  the  data  base  name. 

/•  Holds  the  relations 
user  wants  to  work  on  that 
encrypted.  •/ 

char  makekeys[MAXREL][KEYLENGTH];/.  Holds  the  result  of  'makekey'   •/ 

/•  being  executed  on  the  keys  of    •/ 
/•  the  encrypted  relations  that    •/ 
/•  the  user  wants  to  work  on.       •/ 
chor  userkeys[MAXREL][KEYLENGTH];/»  Holds  the  user  inputted  keys    •/ 

/*  for  the  relations  that  the  user  •/ 
wants  to  work  on.  •/ 

Holds  the  placenum  of  the       «/ 
associated  files  and  keys.       •/ 

/•  The  total  number  of  encrypted    •/ 


int 
int 


s  i  ze; 

namef d; 


/•  relations  that  the  user  is      •/ 
/•  working  on.  •/ 

/•  The  size  of  the  relation  name.   •/ 


char  re  I  at  i ons[MAXREL] [DBLENGTH] ; 


char  rel I i st [PATHLENGTH] ; 

char  workre I [DBLENGTH]; 
char  pathname[PATHLENGTH]; 


char  newkeyfCRYPTKEYLEN]; 

char  exingres[COMMANDLENGTH]; 

char  excreatdb[COMMANDLENGTH] ; 

char  exdestfCOMMANDLENGTH];   / 

char  exhelpr[COMMANDLENGTH];  /•  Holds  the  helpr  command  call 

chor  excopy[COMMANDLENGTH];   / 

char  exprintr[COMMANDLENGTH] ; 

char  expurge[COMMANDLENGTH];  / 

char  exrestore[COMMANDLENGTH] ; 

char  exsysmod[COMMANDLENGTH] ; 

char  opt ion[COMMANDLENGTH] ;   / 


Holds  the  list  of  relations  on     •/ 
which  the  helpr  command  will  work.*/ 

/•  Working  relation  name. 
Holds  the  path  name  of  the  source  »/ 
or  destination  of  the  copydb  call.*/ 
Holds  the  relation's  new  key.      •/ 

/•  Holds  the  ingres  command  call. 

/•  Holds  the  creatdb  command  call 
Holds  the  destroydb  command  call.  •/ 

•/ 

Holds  the  copydb  command  call.     •/ 
/•  Holds  the  printr  command  coll. 

Holds  the  purge  command  call.      •/ 
/•  Holds  the  restore  command  call 
/•  Holds  the  sysmod  commond  call. 

Holds  the  options  for  the  command  •/ 
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char  opt i on1 [COMMANDLENGTH] ;  /•  Holds  the  options  for  the  command  •/ 

/*  ca  I  I s .  •/ 

char  cbuf[100];  /•  Character  buffer  for  gets  routine.*/ 

int  placenum;  /«  the  place  number  for  the  relation  •/ 

int  errno;  /*  Global  variable  to  store  the  error*/ 

/»  number  generated  by  the  system    •/ 

/*  ca I  I s .  •/ 

struct  cr  relkey;  /»  Structure  for  storing  used        •/ 

/•  relations  and  their  keys.         •/ 

ma  i  n( ) 

\ 

int  register  differ,  a,  i; 

setsig();  /*  Set  up  the  signal  handling  •/ 

/•  Determine  the  choice  made  by  the  user  and  complete  some    »/ 
/»  preliminary  set-up  work  if  necessary.  •/ 

whi le  (TRUE) 

for  (i=0;  KMAXREL;  i++) 
I 

makekeys[i][0]  =  '\0' ; 

place[ i ]  =  0; 

f i les[i][0]  =  '\0'; 

f i nalnomef i ][0]  =  '\0' ; 

userkeysf i ][0]  =  '\0'; 

relat  ionsf  i ][0]  =  '\0' ; 

totalenc  =  0; 

printf ("\nPleose  Enter  COMMAND  NAME  or  NUMBER  or  '?'  for  Help:   "); 
gets(cbuf);  /•  Get  the  user's  response  •/ 

/»  If  the  user's  response  is  a  number,  convert  it  and  process  it  */ 
if  ((cbuf[0]  >=  '1*J  kk   (cbuf[0]  <-  '9')) 

a  =  atoi (cbuf ) ; 
checkpick(a) ; 
cbuf[0]  =  '\0'; 
cont  i  nue; 

} 

/*  If  the  user's  response  is  an  exit,  get  out  of  here  •/ 
if  ((cbuf[0]  =  'e')  kk   (cbuffl]  =  -x')) 

printf ("\nFinished  with  this  INGRES/UNIX  Session  -"); 

printf ("  Goodbye !\n\n") ; 

exit(0); 

/•  If  the  user's  response  is  'questionable',  show  the  menu.  •/ 
if  ((cbuf[0]  =  '?')  ||  (cbuf[0]  =  '\n')) 

menu() ; 

cbuf[0]  =  '\0'; 
cont  i  nue; 

! 

/•  Determine  which  command  was  requested  and  then  call  •/ 
/*  checkpick  to  process  it.  */ 

for  (a  =  0;  a  <  NCMDS;  a4+) 
{ 

differ  =  st rncmp(cbuf ,cmd[a] ,2) ; 
if  (differ  =  0) 
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I 

o++; 

checkpi  ck(a) ; 
cbuf  [0]  =  Ae"  ; 
break; 
I 
i 
if  (differ  !-  0) 

} 

pr i nt f ("\nThi s  is  not  a  legitimate  response  An") ; 
pr i nt f ("PI  ease  Try  Again!\n"); 
I 
\ 


>*#•***•*•*•*•***•* 


CHECKPICK 


.»■•••»••••»».. 


•  Function:   This  routine  will  determine  what  command  was  chosen 

•  and  perform  the  appropriate  action.   Some  commands 

•  require  that  a  relation  that  has  been  encrypted  be 

•  decrypted  prior  to  manipulation  or  viewing  of  that 

•  relation.   This  routine  will  call  another  routine 

•  to  do  that  prompting  for  the  appropriate  relation 

•  name  and  key. 
• 

•  Input:   None. 

•  Output:   Colls  to  other  subroutines. 

* 

•  Returns:   SUCCESS  or  FAILURE. 

* 

•/ 

checkpi  ck(pi  ck) 

i  nt  pick; 

{ 

int  I  ; 

int  ret; 

swi  tch  (pick) 

case  1  :         /*  CHANGEKEY  »/ 
printf ("\nCHANGEKEY  — \n"); 

/•  call  routine  to  modify  the  data  base  key  •/ 
if  (changekey()  =  FAILURE) 

printf ("\nChangekey  Fai led!\n") ; 
return  (FAILURE); 

break; 

case  2:         /•  COPYDB  •/ 
printf("\nCOPYDB  — \n"); 
if  (getdbname( 'o')  =  FAILURE) 
return  (FAILURE); 

/•  call  routine  to  get  the  relation  names  to  work  on  •/ 
/•  This  routine  also  will  decrypt  the  files  •/ 

ret  =  get  re  I name( 'm' , ' b' , 'a' ) ; 

switch  (ret) 

case  MATCH:  /»   If  a  MATCH  or  SUCCESS,  then   »/ 

case  SUCCESS:  /«   run  copydb  to  copy  the  doto   »/ 
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copydbca I  I ( ) ;       /»   base's  relations.  •/ 

case  FAILURE: 

totalenc — ;         /•  Subtract  one  from  the  total   •/ 

/»  number  encrypted  because  the  •/ 

/•  I ast  one  f a  i I ed .             •/ 

for(l=0;  Ktotalenc;  I++) 
I 

placenum  =  place[l]; 

strncpy  (newkey,  userkeysfpl acenum] ,  DBLENGTH) ; 

sprintf(rel  name,  "55s%s5Js"  ,  dbname,  "/"  ,  f  i  les[pl  acenum]); 

sprintf(fil ename , "ZsTLsZs" , dbname, "/" ,fi les[pl acenum]) 

sprintfQunkls,  "?5s55s5Js"  .dbname,  "/"  ,  ".  I  shold")  ; 

encrypt_relat  ions() ; 
i 
if    (ret   =   FAILURE) 

return  (FAILURE); 
break; 
case  NOMATCH: 
default: 

copydbca I  I () ; 
break; 


break ; 


case  3:         /•  CREATDB  •/ 
printf("\nCREATDB  — \n"); 
if  (getdbname(,n>)  =  FAILURE) 
return  (FAILURE); 


/•  fork  and  exec  /usr/i ngres/bi n/creatdb  */ 
if  (crcal l()  =  FAILURE) 

return  (FAILURE); 
break ; 


case  4:         /»  DESTROYDB  •/ 
printf("\nDESTROYDB  — \n"); 
if  (getdbnameCo')  =  FAILURE) 
return  (FAILURE); 

/•  fork  and  exec  /usr/i ngres/bi n/dest roydb  •/ 
if  (destcal l()  =  FAILURE) 

return  (FAILURE); 
break ; 


case  5:         /•  HELPR  •/ 
printf ("\nHELPR  — \n"): 
if  (getdbnameCo1)  =  FAILURE) 
return  (FAILURE); 

/•  call  routine  to  get  the  relation  names  to  work  on  •/ 
/*  This  routine  also  will  decrypt  the  files  «/ 

if  (getrelname('nT  , 'b' , ' I ')  =  FAILURE) 
return  (FAILURE); 

/•  fork  and  exec  helpr  •/ 
if  (helprcallQ  —  FAILURE) 

return  (FAILURE); 
break ; 


case  6:         /»  INGRES  •/ 
printf("\nINGRES  — \n"); 
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if  (getdbname( 'o')  =  FAILURE) 
return  (FAILURE); 

/•  call  routine  to  get  the  relation  names  to  work  on  •/ 
/•  This  routine  also  will  decrypt  the  files  */ 

if  (getrelnafne('m' , 'b' , 'a')  =  FAILURE) 
return  (FAILURE); 

/•  fork  and  exec  ingres  •/ 
if  (ingrescal l()  =  FAILURE) 
return  (FAILURE); 

for(l=0;    Ktotalenc;    I++) 

I 

placenum  ■   place[l]; 

strncpy    (newkey,    userkeys[pl acenum] ,    DBLENGTH) ; 
sprintf(rel  name,  "55s55s%s"  ,  dbname,  "/"  ,files[pl  acenum]); 
spr  i  ntf If  I  I ename, "%s%s%s" , dbname, "/" ,fi lesfplocenum]); 
sprintf(junkls,  "J5s/5s55s"  ,  dbname,  "/"  ,  "  .  I  shold")  ; 

/*  coll  routine  to  encrypt  those  relations  thot  hod   •/ 
/•  been  decrypted  before  the  ingres  call.  •/ 

encrypt_relotions(); 

break; 


case  7:         /*  LISTRELATIONS  •/ 
printf("\nLISTRELATIONS  — \n"); 

/•  call  routine  to  list  the  relations  to  which   »/ 
/•  he  has  access  to  in  the  specified  data  base.    •/ 
I  istrelQ; 
break; 


case  8:         /*  PRINTR  •/ 
printf ("\nPRINTR  — \n") ; 

/*  Call  routine  to  get  the  data  base  name  on  which   •/ 
/*  to  work.  •/ 

if  (getdbnameCo1)  =  FAILURE) 
return  (FAILURE); 

/»  call  routine  to  get  the  relation  names  to  be  printed  •/ 
/•  This  routine  also  will  decrypt  the  files  »/ 

if  (getrelname('nr. 'b', 'a')  =  FAILURE) 

return  (FAILURE); 
/*  fork  and  exec  printr  •/ 
if  (printrcal l()  =  FAILURE) 

return  (FAILURE); 
break; 


case  9:         /•  PURGE  •/ 
printf ("\nPURGE  — \n"); 

/•  Call  routine  to  get  the  data  base  name  on  which   */ 
/»  to  work.  •/ 

if  (getdbname('o')  =  FAILURE) 
return  (FAILURE); 

/•  call  routine  to  get  the  relation  names  to  be  purged  •/ 
/•  This  routine  also  will  decrypt  the  files  •/ 

if  (getrelnameCnT  .  "b"  ,  "a')  =  FAILURE) 

return  (FAILURE); 
/•  fork  and  exec  purge  •/ 
if  (purgecallQ  =  FAILURE) 

return  (FAILURE); 
break ; 
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cose  10:  /•  RESTORE  »/ 

printf ("\nRESTORE  — \n"); 

/•  Coll  routine  to  get  the  data  base  name  on  which   •/ 
/»  to  work.  •/ 

if  (getdbnameCo')  =  FAILURE) 
return  (FAILURE); 

/•  fork  and  exec  restore  •/ 
if  (restcal l()  =  FAILURE) 

return  (FAILURE); 
break; 

case  11:        /»  SYSMOO  */ 
printf("\nSYSMOD  — \n"); 

/•  Call  routine  to  get  the  data  base  name  on  which   •/ 
/*  to  work.  •/ 

if  (getdbnomeCo')  —  FAILURE) 

return  (FAILURE); 
/•  fork  and  exec  systnod  «/ 
if  (syscall()  =  FAILURE) 

return  (FAILURE); 
break; 

case  12:        /•  EXIT  «/ 

printf ("\nFinished  with  this  INGRES/UNIX  Session  -"); 

printf("  Goodbye !\n\n") ; 

exit(0); 

break; 

default:        /»  ERROR  •/ 

pr i nt f ("\nTh i s  is  not  a  legitimate  response .\n") ; 

printf ("Please  Try  Again!\n"); 

break; 

\ 

pick  =  0; 
return(SUCCESS); 


GETRELNAME     • 

» 

Function:   This  routine  will  prompt  the  user  for  one  or  more 
relation  names  based  on  o  parameter  stating  's'  = 
single  or  "m'  =  multiple.   It  will  then  verify  that 
the  relation  exists,  see  if  it  is  encrypted,  and  decrypt 
it  if  necessary.   If  the  relation  does  not  exist,  it 
means  that  it  is  to  be  created  and  should  be  put  on  a 
"newre lot  i  on"  list. 

Input:   num  =  s  (single)  or  m  (multiple). 

state  =  e  (existing)  or  n  (new)  or  b  (both), 
what  =  a  (array  of  relations)  or  I  (list  in  a  character 
array. 

Output:   Calls  to  other  subroutines. 

Returns:   Global  variables  files[],  makekeysf],  userkeysf]  and  places[]. 
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*  SUCCESS  or  FAILURE. 

•/ 

get  re  I  name (n urn, state .what ) 
char  num; 
char  state; 
char  what ; 

i 

struct  stat  *buf,  buffer; 

int  m,  numreq,  fd,  cfd,  number,  i,  j,  encrypt num; 

long  nbytes; 

spr intf ( rel I ist , "%s" , "    "); 

nbytes  =  65; 
numreq  ■  0; 
encryptnum  =  0; 
plocenum  =  0; 
buf  =  (kbuffer); 

/•  The  first  thing  that  must  be  done  is  to  find  out  how  */ 

/•  many  relations  we  are  looking  for — >  's'  =  one  and  'm'  =  */ 

/•  fflu 1 1  i  p I e .  •/ 
if  (num  =  ' s' ) 

\ 

number=  1 ; 

pr intf ("\nPlease  enter  the  name  of  the  RELATION  on  which  you"); 

printf("  would  like\nto  work:   "); 

e  I  se 

} 
number  =  MAXREL; 

printf ("\nPlease  enter  the  RELATIONS  on  which  you  would  like  "); 
printf("to  work\n( I i sted  one  at  a  time).\nTo  complete  list,  "); 
pr i ntf ("simply  enter  a  'q'.\n"); 

for  (i=0;  i<number;  i++) 

/•  Now  form  a  list  of  all  the  relations  that  the  user  •/ 
/•  wants  to  work  on.  The  user  can  create,  modify  or  print*/ 
/•  relations,  so  they  must  at  this  time  give  all  relations*/ 
/•  on  which  they  want  to  work  during  this  session.  •/ 
/•  The  maximum  number  of  relations  that  can  be  worked  on  •/ 
/•   at  one  time  is  MAXREL  (?).  «/ 

scanf ("%s" ,  re  I  at  ions [numreq]) ; 

getcharQ;  /*  Dummy  Getchar  to  clean  out  the  buffer  •/ 

if  (»re I  at i ons[numreq]  =  'q') 
break; 

sprintf  (rel name , "Xs%s55s" , dbname, "/" ,relations[numreq]); 
spr intf  (fi lename, "%s%s55s" , dbname,"/" , re  I  at  i on s[ numreq]) ; 
sprintf(junkls, "%s%s%s" .dbname, "/" , " . I  ahold") ; 

spr intf ( Isi t . "3s  55s%s  J5s   %s","ls",    filename,"*".    ">" ,    junkla); 

if    (system(lsit)    =   FAILURE) 

syser r (34) ; 
return(FAILURE); 

if  ((nomefd  =  (open  (junkls,  0_RDWR, 660) ))  =  FAILURE) 

syser  r(35) ; 
return(FAILURE); 

size  =  str len(dbname)  +  15;      /•  The  15  is  for  the  '/'  and  the  •/ 

/*  relation  name.  •/ 
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if  ( read(namef d, namebuf , s i ze)  <=  0) 

) 

c I ose(namef d) ; 

return(NOTEXIST); 
I 
c I ose(namef d) ; 

for  (i=0;  i<14;  i++) 

name[i]  =  namebuf[i  +  st r I en(dbname)  +  1]; 
•treat (filMl name[numreq  .quote) ; 
•treat ( final  name  numreq^  , namebuf) ; 
strcat(f  inal name[numreq] .quote) ; 

sprintf  (rellist,  "Jts  %s"  ,  re  I  I  i  st ,  re  lat  i  ons[numreq])  ; 

if  (stat(namebuf .  buf)  !=  0) 
\ 

if  (num  =  's') 

return  (NOTEXIST); 
e  I  se 
i 

printf ("ERROR:   Relation  %s  Does  Not  Exist!\n", 

re  I  at  ions[numreq]); 
cont  i  nue; 
\ 
I 
sprintf  (work  re  I, "25s" ,  relations[numreq]); 

numreq++;       /»  Bump  this  only  if  it  exists  */ 

\  /•  End  of  the  number  for  •/ 

if  (what  =  ' I ') 
return  (SUCCESS); 

if  (stat(cryptf i le,  buf)  =  0)    /»  Does  .crypt  exist?  •/ 


/•  If  so,  open  it  •/ 

if  ((cfd  -  open(cryptf i le.O_RDWR.660))  =  FAILURE) 


! 


syser r(1 ) ; 
return(FAILURE); 


if  (lseek(cfd.0L,0)  =  FAILURE) 


i 


syserr(2) ; 
cl ose(cfd) ; 
return  (FAILURE) 


placenum  =  0; 

whi le  (nbytes  >  0) 


if  ((nbytes  =  read(cf d ,_re I  key ,s i zeof  relkey))  >  0) 


i 

/•  Put  the  names  of  all  of  the  encrypted  files  •/ 

/•  stored  in  .crypt  into  "files"  and  all  of  the  «/ 

/•  encrypted  keys  into  "makekeys".  •/ 

strncpy  (f i I es[p I acenum] .  re  I  key . re  I  at  ion ,  DBLENGTH) ; 
strncpy  (makekeys[pl acenum] ,  relkey. key.  KEYLENGTH) ; 

pi  acenum-H-; 

I 

else  if  (nbytes  =  -1) 

syserr(3) ; 
return(FAILURE) ; 
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} 

c I ose(cf d)  ; 

j  =  placenum; 

for(m=0;  m<numreq;  m++) 

i 

f or(pl ocenum=0;  placenum<j;  placenum++) 

I 

i f (st rcmp( re  I  at i ons[m] , f i I es[pl acenum])  =  0) 

i 

strncpy  (workrel ,fi les[pl acenum], DBLENGTH) ; 

p  I  ace[enc ryptnum++]  =  placenum; 

tota lenc++; 

if  (num  =  '*')  /*  must  be  from  changekey  •/ 

return  (MATCH); 
else  /*  must  be  from  an  ingres  command  •/ 

J 

print  f ("\nRe lotion  %s:",files[placenum]); 
if  (getoldkey()  =  FAILURE) 

I 

pr i ntf ("Cannot  allow  access  to  %s\n", 

f  i I es[p I acenum]) ; 
return  (FAILURE); 

I 

cont  i  nue ; 

/•  The  end  of  the  strcmp  for  matched  relotion  names  •/ 
\        /*  The  end  of  the  placenum  for  •/ 
\  /•  The  end  of  the  numreq  FOR  for  string  comparing  »/ 

i  f  (num  =  ' s ' ) 

return  (NOMATCH) ; 
e  I  se 

return  (SUCCESS); 

{        /•  The  end  of  the  stat  check  of  .crypt  */ 

else     /•  stat  return  !-  0  which  means  that  there  ore  •/ 
/•  no  encrypted  relations  in  this  data  base.    •/ 

i  f (numreq  =  0) 
\ 

if  (stat ( f i na I name[ i ] ,  buf)  !=  0) 

return  (NOTEXIST); 
e  I  se 

return  ( NOT FOUND ) ; 

for(i=0;  i  <  numreq;  i-H-) 

if  (stat(f inalname[ i ] ,  buf)  !=  0) 

printf ("ERROR:   Relation  %a   Does  Not  Exist!\n", 
relationsfnumreq]); 

return  ( NOT FOUND ) ; 


*  • 

•  GETNEWKEY     • 
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Function:   This  routine  will  prompt  the  user  for  the  new  key 
for  a  relation  when  either  creating  a  new  relation 
via  the  ingres  command  or  changing  the  key  of  a 
relation  via  the  changekey  command. 

Input :   None. 

Output:   Calls  to  other  subroutines. 

Returns:   Global  variable  newkey. 
SUCCESS  or  FAILURE. 

/ 
getnewkey() 

chor  •verifykeyfCRYPTKEYLEN];        /•  user's  second  input  of  the  key  */ 
char  »makey[l00J;  /•  string  to  hold  makekey  command  •/ 

char  testkey[CRYPTKEYLEN];    /•  string  to  hold  output  of       •/ 

/•  makekey  command.  •/ 

struct  stat  »newbuf,  nbuffer; 
struct  crkey  enkey; 
struct  cr  jnker; 

int  ret,  whence,  kfd,  fd,  tries,  match; 
long  offset; 

t  r  ies  =  0; 
match  =  FALSE; 
newbuf  =  (4nbuffer); 

while  ((match  =  FALSE)  kk   (tries  <  2)) 

if  (system("stty  -echo")  =  FAILURE) 

syserr(36) ; 
return(FAILURE) ; 

pr i ntf ("\nWhat  is  your  new  key?   "); 

gets(newkey) ; 

pr i nt f ("\nPlease  reenter  your  new  key:  "); 

get  s(ver  i  f ykey) ; 

if  (system("stty  echo")  =  FAILURE) 

syserr(37) ; 

return(FAILURE); 
I 
pri  ntf ("\n\t Process i  ng. . .\n") ; 

i f (st rcmp(newkey , ver i f ykey)  !=  0) 

tries++; 

if  (tries  =  2) 

pr i nt f ("Mi smatch !   Unable  to  Apply  New  Key!\n\n"); 
e  I  se 

print f ("Mi smatch!   Please  Try  Agai n ! !\n\n") ; 
cont  i  nue; 

I 

match  =  TRUE; 

strncpy  (userkeys[p lacenum] ,  newkey,  KEYLENGTH) ; 

/•  The  user  was  given  two  tries  to  input  a  new  key  twice  */ 

/•  and  was  unsuccessful,  therefore,  terminate  this  */ 

/•  command  by  returning  FAILURE.  •/ 
if  (tries  =  2) 
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return(FAILURE) ; 

if  (st r I en(newkey )  —  0) 

I 

/»  Put  the  key  in  the  .crypt  file  »/ 
if  ((ret  =  stot(cryptf ile,  newbuf))  !»  0) 

I 

if    ((kfd  -  creot(cryptf i  le,477))    <   0) 

{ 

syserr(4) ; 
return(FAILURE); 

cl ose(kf d) ; 
I 

if  ((kfd  -  open(cryptf i I e,0_RDWR, 660) )  =  FAILURE) 

\ 

syserr(6) ; 
return(FAILURE); 

i 

crypt . relat ion[0]  =-  '\0' ; 
crypt . key[0]  =  '\0' ; 
crypt . busyb  i t  =  0; 

if  ( lseek(kfd. ( I ong) (pi acenum  »  sizeof  crypt), 0)  =   FAILURE) 

un I ockbox( ) ; 
close(kfd); 
syserr(7) ; 
return(FAILURE); 
I 

i f (wr i te(kf d.icrypt , si zeof  crypt)  <  0) 

return  (FAILURE); 
c lose(kfd) ; 

printf ("\tCompleted  —  NO  key  will  be  used!\n"); 

return(SUCCESS); 
j  /•   End  of  st r I en(newkey )  =  0  if  statement   •/ 

/•  Encrypt  the  key  for  ultimate  storage  in  the  .crypt  file.  •/ 
sprintf  (makey  ,"/5s%s55s  |  Xs   >  2s", "echo  "  ,  newkey  ,  "  I  s"  ,  "/usr/l  i  b/makekey"  .KEY) ; 

if  (system(makey)  =  FAILURE) 

recoverQ; 

syserr(8) ; 
return  (FAILURE); 
I 

if  ((fd  =  open(KEY,O_RDWR,660))  <  0) 

recoverQ; 
syser r(37) ; 
return(FAILURE); 

if  (lseek(fd,0L,0)  =  -1) 

recoverQ  ; 
syser r(38) ; 
return(FAILURE); 

I 

if    ( read(f d.ienkey , si zeof    enkey)    <  0) 
recoverQ  ; 


Jun  13  13:45  1987   isfe.c  Page  12 

un I ockbox( ) ; 
c I ose( f d) ; 
syserr(9) ; 
return(FAILURE); 

i 

c lose(f d) ; 

spr  int  f  ( test  key  ,  "55c?5c%c%c%c%c/5c/5c/5c%c/5c  "  ,  en  key  .  key[2],enkey.key[3], 
enkey.key[4],enkey.key[5],enkey.key[6],enkey.key[7],enkey.key[8]l 
en key . key [9] , en key . key [10] , en key .  key[ 1 1 ] , en  key . key[  12]) ; 

/♦  Put  the  key  in  the  .crypt  file  •/ 
if  ((ret  m   stat (crypt f i le,  newbuf))  !=  0) 

f 
if    ((kfd  »  creat(cryptf i le.477))    <  0) 

\ 

syserr(l0) ; 
return(FAILURE); 
} 

c I ose(kf d) ; 
I 

if  ((kfd  =  open(cryptf i le ,0_RDWR, 660) )  =  FAILURE) 

syserr(1 1 ) ; 
return(FAILURE); 

strncpy  (crypt . re  I  at i on,  workrel,  DBLENGTH) ; 
strncpy  (crypt. key,  testkey,  st r I en( test  key)) ; 

if  ( I seek(kf d, ( long) (pi acenum  •  sizeof  crypt), 0)  =  FAILURE) 

un I ockbox( ) ; 
c lose(kf d) ; 
syserr(12) ; 
return(FAILURE); 
I 

i f(wri te(kfd,*crypt , sizeof  crypt)  <  0) 

return  (FAILURE); 
c I ose(kf d) ; 

if  (encrypt_relat ions()  =  FAILURE) 

return(FAILURE); 
e  I  se 

return  (SUCCESS); 

/a******************* 

•  ENCRYPT_RELATIONS» 

•  » 

* 

•  Function:   This  routine  will  encrypt  the  relations  again  after 

•  the  user  has  finished  the  desired  manipulations  to 

•  them. 
• 

•  Input:   None. 

•  Output:   Calls  to  other  subroutines. 

•  Returns:   SUCCESS  or  FAILURE. 

* 

•/ 
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encrypt_relations() 

i 

char  crypt  it [PATHLENGTH+PATHLENGTH];   /•  Stores  the  crypt  command  •/ 

char  movi t [PATHLENGTH+PATHLENGTH+PATHLENGTH] ;     /•  Stores  the  mv  command 

char  tempf i le[PATHLENGTH] ;  /»  Stores  the  name  of  the    •/ 

/•  temporary  file  «/ 

int  index,  efd,  readret; 
st  ruct  cr  ecrypt ; 
struct  stat  »ebuf,  ebuffer; 

ebuf  ■  (iebuffer); 

spr i  nt f ( tempf i I e , "Xa .Zs" , re  I  name , "temper")  ; 

if  (lockboxQ  =  FAILURE) 
return  (FAILURE); 

/•  If  so,  open  it  and  read  it.  •/ 

if  ((efd  ■  open(cryptf i le,0_RDWR,66e))  =  FAILURE) 

un  I  ockboxQ  ; 
c I ose(efd) ; 
return(FAILURE); 

if  ( I seek(ef d, ( I ong) (pi acenum  •  sizeof  ecrypt), 0)  =-1) 

unl  ockboxQ  ; 
c  lose(ef d) ; 
syserr(15) ; 
return(FAILURE); 

if  ((readret  =  read(ef d .iecrypt , s i zeof  ecrypt))  <  0) 

unl  ockboxQ  ; 
close(efd); 
syserr(16) ; 
return(FAILURE); 
I 

index  =  pi oce[pl acenum] ; 

spr  i  ntf  (crypt  i  t ,  "%s  55s  <  55s  >  55s"  ,  "/usr/bi  n/crypt  "  ,  newkey , 
f i no  I name[ i ndex] ,  tempf ile); 

if  (system(cryptit)  =  FAILURE) 

recoverQ  ; 
unl  ockboxQ  ; 
c I ose(ef d) ; 
syser r(17) ; 
return(FAILURE); 
i 

/•   Change  it  to  be  =  FREE   »/ 
ecrypt . busybi t  =  FREE; 

if  ( I seek(ef d, ( I ong) (placenum  •  sizeof  ecrypt), 0)  =  FAILURE) 

un  I  ockboxQ  ; 

c lose(ef d)  ; 

syserr(18) ; 

return(FAILURE) ; 
i 
if  (wr i te(efd,4ecrypt ,si zeof  ecrypt)  <=  0) 

c I ose(ef d) ; 
unlockbox( ) ; 
syser r(19) ; 
return(FAILURE) ; 
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! 

c I ose(ef d) ; 
un I ockbox() ; 

spr  i  nt f (mov i  t , "%s   %s  %s"  ,  "/b  i  n/mv" , tempf i I e , f i  no  I name[ i  ndex] ) ; 

if  (system(movit)  =  FAILURE) 

i 
recover() ; 
syserr(20); 
return(FAILURE); 

\ 

return  (SUCCESS); 

I 

•  • 
»     CHANGEKEY      * 

•  • 

«  Function:  This  routine  will  enable  the  user  to  change  the 

•  key  for  a  relation  given  that  the  current  correct 

•  key  is  f  i  rst  i  nput . 
• 

•  Input :   None. 

* 

•  Output:   Calls  to  other  subroutines. 

•  Returns:   SUCCESS  or  FAILURE. 

* 

•/ 

changekey() 

i 

printf ("\nWith  this  command  you  may  change  the  key  of  a  relotion"); 
printf("  in  a  data  base\nfor  which  you  are  the  DBA.\n"); 
if  (getdbname('o')  =  FAILURE) 
return(FAILURE); 

switch  (get  re  I name( ' s' , "•' , *0*)) 

\ 
cose  NOT FOUND: 
case  NOMATCH: 

pr i nt f ("\nThat  relation  is  not  encrypted.   Therefore,  you"); 
printf("  must  want  to  encrypt\nth i s  re  I  at  ion .\n") ; 
if  (getnewkey()  =  FAILURE) 

return(FAILURE); 
break; 

case  NOTEXIST: 

printf("That  relation  does  not  exist!\n"); 
return(FAILURE); 

case  MATCH: 

if  (getoldkey()  =  FAILURE) 

return(FAILURE); 
if  (getnewkey()  =  FAILURE) 

return(FAILURE); 
break; 

def au I t : 
break; 

return(SUCCESS); 
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»**•**•*•**•*••< 


SYSERR 


*********•***•**•**• 


•  Function:   This  routine  will  output  an  error  that  a  system 

•  call  failed.   It  will  print  out  the  number  associated 

•  with  a  particular  place  in  the  code  for  debugging 

•  purposes. 
• 

•  Input:   Error  number. 
* 

•  Output:   Calls  to  other  subroutines. 
* 

•  Returns:   SUCCESS  or  FAILURE. 

syser r(er rornum) 
int  er rornum; 

\ 

pr i nt f ("SYSTEM  ERROR  number  55d  has  occur red!\n" ,  errornum); 

pr int f ("Ensure  thot  all  of  the  encrypted  relations  on  which\n"); 

pr int f ("\tyou  were  working  ore  still  encrypted !\n") ; 

/*   First,  ensure  that  echo  is  turned  back  on!  •/ 

system("stty  echo"); 

\ 


*»»«•»•»•**•*••.•«*< 


•  L1STREL      • 

• 

•  Function:   This  routine  will  enable  the  user  to  find  out  whot 

•  relations  he  has  access  to  in  a  given  data  base. 
• 

•  Input:   None. 
* 

•  Output:   Printout  of  user's  relations. 

•  Calls  to  other  subroutines. 
• 

•  Returns:   SUCCESS  or  FAILURE. 
* 

•/ 
I  istrelQ 

pr i ntf ("\nTh i s  command  will  list  those  relations  for  which  you\n"); 
printf("have  permissions  in  o  specified  data  base\n"); 
if  (getdbname('o")  =  FAILURE) 
return  (FAILURE); 

/.,«.  Check  relations  in  this  database  and  verify  permissions  »•*/ 
/••*•  before  listing  relations  allowed  to  this  user.   »»»»»••»••»/ 


»**•********•**•••»• 
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»     GETDBNAME    • 

»  » 

* 

•  Function:   This  routine  is  used  to  prompt  the  user  for  a  data 
»  base  name  on  which  to  work.   In  addition,  a  check 

•  is  made  to  validate  that  it  is  indeed  an  existing 

•  data  base. 
• 

•  Input:   None. 
* 

•  Output:   A  global  variable  storing  the  data  base  name. 
* 

•  Returns:   FAILURE  if  data  base  does  not  exist  after  three 

•  t r  ies. 
• 

♦/ 

getdbname(state) 
char  state; 

I 

struct  stat  »dbbuf,  dbbuffer; 
int  gotdb,  tries; 
dbbuf  =  (Jcdbbuf  fer); 
tries  =  0; 
gotdb  =  FALSE; 

while  ((gotdb  =  FALSE)  kk    (tries  <  3)) 
\ 

/•  The  first  thing  that  must  be  done  is  to  find  out  which   •/ 
/*  data  base  the  user  wants  to  work  on.  •/ 

pr i nt f ("\nP I  ease  enter  the  name  of  the  DATA  BASE  on  which"); 

printf("  you  would  like\nto  work:   "); 

scanf("%s",  database); 

getchar() ; 

if  (strlen(database)  >  14) 

printf ("\nERROR:   Invalid  Data  Base  Name!\n\n"); 
cont  i  nue; 

spr intf  (dbname, "%s%s" .DBPATH.dat abase) ; 

i  f  (state  ■■  ' n' ) 
return(SUCCESS); 

if  (stat(dbname,  dbbuf)  !=  0) 

I 

pr intf ("\nERROR:   Data  Base  Does  Not  Ex i st !\n\n") ; 
t ries++; 
cont  i  nue; 

I 

gotdb  =  TRUE; 

J 

/•  Next  check  to  see  if  there  are  any  encrypted  relations  •/ 

/*  in  the  data  base  that  the  user  is  to  be  working  on.  »/ 

/•  The  file  /usr/i ngres/data/bases/<database_name>/. crypt  •/ 

/*  keeps  a  listing  of  those  encrypted  relations.  */ 

/•  If  there  are  no  encrypted  relations,  then  we  know  that  •/ 

/»  no  encryption  is  necessory  and  we  con  return  from  this  •/ 

/»  this  routine  to  checkpick.  •/ 
spr  intf  (cryptf  i  le,  "7.s7.sZs"  ,  DBPATH.dat  abase  ,"/.  crypt ")  ; 

/»  The  user  was  given  three  tries  to  input  a  valid  data   •/ 
/•  base  name  and  was  unsuccessful,  therefore,  terminate   •/ 
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/*  this  command  by  returning  FAILURE.  */ 

if  (tries  =  3) 

return(FAILURE) ; 
e  I  se 

return  (SUCCESS); 

I 

/* ****** •***•••**•**« 

•  • 
«    GETOLDKEY     • 

* 

•  Function:   This  routine  will  get  the  old  key  from  the  user  and 
»  then  it  will  call  decryptQ  to  decrypt  the  given  relation 

•  with  the  given  key. 
• 

•  Input:   None. 

•  Output:   A  global  variable  storing  the  data  base  name. 
• 

•  Returns:   FAILURE  if  data  base  does  not  exist  after  three 

•  t  r i  es. 

• 

geto I dkey() 

char  »maki t[l00] ;  /*  Stores  the  makekey  command  •/ 

char  *testkey[CRYPTKEYLEN]; 

char  oldkey[KEYLENGTH];  /»  Holds  the  relation's  old  key  «/ 

int  i,  fd; 

struct  crkey  junkit; 

if  (system("stty  -echo")  =  FAILURE) 

I 

syserr(39) ; 
return(FAILURE); 

I 

pr i ntf ("\nThat  relation  is  encrypted. \nflhat  is  the  key?  "); 

gets(ol dkey) ; 

if  (system("stty  echo")  =  FAILURE) 

i 

syser r(40) ; 
return(FAILURE); 

! 

pr i  ntf ("\nProcessi  ng. . .\n") ; 

strncpy  (userkeys[pl ocenum] ,  oldkey,  KEYLENGTH) ; 
/•  Encrypt  the  user's  key  and  store  it  in  .crypt  eventually  •/ 
spr  i  nt  f  (maki  t ,  "%s?Js%s  |  JJs  >%s","echo  " , ol dkey , " I s" , "/usr/l i b/makekey" ,KEY) ; 

if  (system(maki t)  =  FAILURE) 

I 

syserr(21 ) ; 

return(FAILURE) ; 
i 

if  ((fd  =  open(KEY,O_RDONLY,660))  <  0) 

{ 

syserr(22) ; 
return(FAILURE); 

\ 

if  (lseek(fd.0L.0)  =  FAILURE) 
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i 
syser  r (23) ; 
return(FAILURE) ; 

if  ( read(f d.ijunki t , si zeof  junkit)  <  0) 

syserr(40) ; 
return  (FAILURE); 

sprintf  ( test  key,  "7.c7.c7.c7.c7.c7.c7.c7.c7.c7.c7.c"  ,  junki  t  .  key  [2]  .  junki  t  .key  [3]  . 
junki  t .key [4] , junkit .key [5] . junki  t .key [6] , junki  t .key [71. junki  t . ke 
junk  it. key [9  J, junkit .  key [10] , j unk i t . key[1 1 ] , junk i t . key [12]) ; 

/•  Verify  that  the  existing  key  and  the  user's  inputted  key  •/ 
/«  are  i  dent  ical .  •/ 


y[8], 


i f (st rcmp( test  key ,makekeys[p I acenum] )  !=  0) 

printf ("ERROR:   Wrong  Key  Given\n"); 
return(FAILURE); 
I 

spr  intf  (re  I  name  ,  "7.s7.s7.s"  , dbname,"/"  ,  f  i  les[p  I  acenum])  ; 

if  (decrypt(oldkey)  =  FAILURE) 
return  (FAILURE); 

return  (SUCCESS); 


»*»****•*•#****•••* 


DECRYPT 


>*•***»***•••»••«*» 


•  Function:   This  routine  will  decrypt  the  given  relation  with 

•  the  global  key. 
* 

•  Input:   None. 

»  Output:   A  decrypted  relation. 
* 

•  Returns:   SUCCESS  or  FAILURE. 

» 

•/ 

decrypt(oldkey) 

char  oldkey[CRYPTKEYLEN]; 

/*  Need  to  include  lockbox  and  unlockbox  around  the  crypt  •/ 

/*  command  as  I  did  in  encrypt_re I  at i ons .  •/ 

char  decrypt  it [PATHLENGTH+PATHLENGTH] ;   /•  Stores  the  decrypt  command  •/ 

char  mov it [PATHLENGTH+PATHLENGTH];       /*  Stores  the  mv  command     •/ 

chor  tempf i I e[PATHLENGTH] ;  /»  Stores  the  name  of  the    */ 

/*  temporary  file  •/ 

int  index,  dfd; 
struct  cr  decrypt; 

spr int f ( tempf tie, "%s.J5s" , re  I  name, "temper") ; 
if  (lockbox()  =  FAILURE) 
return(FAILURE); 

/*  Open  it  and  read  it.  •/ 

if  ((dfd  =  open(cryptf i I e,O_RDWR,660))  =  FAILURE) 

unl ockbox ( )  ; 
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close(dfd) ; 
syser r (24) ; 
return(FAILURE); 

if  ( lseek(dfd, ( long) (pi ocenum  •  sizeof  decrypt),©)  =  FAILURE) 

I 
un I ockbox( ) ; 
c I ose(df d) ; 
syser r(25) ; 
return(FAILURE); 

if  ( read(df d.idecrypt , s i zeof  decrypt)  <=  0) 

\ 

unlockbox() ; 
close(dfd); 
syserr(26) ; 
return(FAILURE); 

I 

if  (decrypt .busybit  =  BUSY) 

pr i nt f ("\nThi s  Relation  is  Currently  Being  Used!\n"); 

pr i nt f ("PI  ease  Try  Again  Later .\n\n") ; 

un I ockbox() ; 

c I ose(df d)  ; 

return(FAILURE); 

I 

else  /•   Must  be  =  FREE  •/ 

decrypt. busybit  =  BUSY; 

index  =  p I oce[p I ocenum] ; 

spr i ntf (dec rypt i t , "%s  %s  <  5Ss  >  Zs" , "/usr/b i n/c rypt " , oldkey , 
f  i  na I name[ index],tempfile); 

if  (system(decryptit)  =  FAILURE) 

\ 

un I ockbox() ; 
close(dfd); 
syserr(28) ; 
return(FAILURE); 

{ 

if  ( I seek(dfd ,( long) (pi ocenum  •  sizeof  decrypt), 0)  =  FAILURE) 

\ 

un I ockbox() ; 
c I ose(df d) ; 
syserr(29) ; 
return(FAILURE); 

I 

if  (wr i te(df d .idecrypt , s i zeof  decrypt)  <=  0) 
\ 

close(df d) ; 

un I ockbox() ; 

syser r(30) ; 

return(FAILURE); 

c I ose(df d) ; 

un  I  ockboxQ  ; 

spr  i  nt  f  (mov  i  t ,  "7,s   %s   55s"  ,  "/bi  n/mv"  ,t  em  pfile, final  namef  i  ndex]  )  ; 

if  (system(movi t)  =  FAILURE) 

\ 

syser r(31 ) ; 
return(FAILURE); 
I 
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'••*******«*****•*•• 


SETSIG 


••»****••****•••< 


•  Function:   This  routine  will  set  up  the  signal  handling. 

•  Input:   None. 

•  Output:   None. 
* 

•  Returns:   None. 

• 

setsig() 

I 

fifdef  REAL_THING  /»ZZZZZZZZZZZZ   REMOVE  THIS  IFDEF  •/ 

signal (SIGTERM.  SIG_IGN) ; 

signal (SIGHUP,  SIG_IGN); 

signal (SIGQU1T.  SIG_IGN) ; 

signal(SIGINT,  SIG_IGN); 
fendif 

\ 

•  • 

•  RECOVER      • 

•  • 


•  Function:   This  routine  will  recover  from  a  grave  error  in  the 

*  middle  of  processing. 


•  Input :   None. 
* 

•  Output:   None. 
» 

•  Returns:   None. 
• 

recover() 

\ 

int  kfd; 

struct  stat  •newbuf,  nbuffer; 

newbuf  =  (tnbuffer); 


/»  Put  the  key  in  the  .crypt  file  */ 
if  (stot(cryptf i le.  newbuf)  !=  0) 
return  (SUCCESS); 

if  ((kfd  =  open(cryptf i I e.O.RDWR. 660) )  =  FAILURE) 

syser r(32) ; 
return(FAILURE); 

crypt . relet ion[0]  =  '\0'; 
crypt . key[0]  =  '\0' ; 
crypt .busybi  t  =  0; 

if  ( lseek(kfd, ( long) (pi ocenum  •  sizeof  crypt), 0)  =  FAILURE) 
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un I ockbox( ) 
c I ose(kf d) ; 
syser  r(33) ; 


i f (wri te(kfd,icrypt ,si zeof  crypt)  <  0) 

return  (FAILURE); 
close(kfd); 

printf ("\tDue  to  System  ERROR  —  NO  key  will  be  used!\n"); 

return(SUCCESS); 
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Idefine  TRUE 
Idefine  FALSE 
#def  ine  MATCH 
|def  ine  NOMATCH 


|def  ine 

FAILURE 

-1 

|def  i  ne 

SUCCESS 

1 

#define 

DONE 

1 

f def  i  ne 

CONTINUE 

2 

Idefine 

NOT FOUND 

-2 

|def  i  ne 

NOT EX  I ST 

-3 

fdefine  KEY 
|def  ine  DBPATH 


/»  Two  compared  strings  are  equal  •/ 
/•  Two  compared  strings  are  not  */ 
/•  equa  I  .  •/ 


/•  Relation  name  was  not  listed    */ 
/•  in  the  .crypt  file.  •/ 

/•  The  relation  does  not  exist.    •/ 
"/usr/i  ngres/data/base" 
"/usr/i  ngres/data/base" 


Idefine  MAXOPTS 
Idefine  MAXREL 

Idefine  KEYLENGTH 
Idefine  DBLENGTH 

Idefine  CRYPTKEYLEN 
Idefine  PATHLENGTH 

Idefine  NCMDS 

Idefine  BUSY 

Idefine  FREE 


Idefine  LEFTARROW  "  <  " 
Idefine  RTARROW  "  >  " 
Idefine  COMMANDLENGTH   65 

Idefine  OPTIONLENGTH    30 


14 

/• 

Maximum  number  of  options  that 

•/ 

/• 

are  allowed  in  one  call. 

•/ 

10 

/• 

Maximum  number  of  relations  to  be 

•/ 

h 

worked  on  at  a  time.   This  may  be 

•/ 

/• 

changed . 

•/ 

15 

/• 

Allowable  length  of  a  key.      •/ 

15 

/• 

Maximum  length  of  a  data  base  nam« 

•/ 

/• 

or  a  relation  name. 

•/ 

14 

/• 

The  length  of  an  encrypted  key  •/ 

50 

/• 

Maximum  length  of  the  path  for 

•/ 

/* 

the  data  base  files. 

•/ 

12 

/• 

Number  of  available  UNIX  INGRES 

•/ 

/• 

Commands . 

•/ 

/• 

This  indicates  in  the  "busybit" 

•/ 

/• 

integer  that  someone  has  got  this 

•/ 

/• 

relation  and  is  working  on  it. 

•/ 

/• 

This  indicates  in  the  "busybit" 

•/ 

/• 

integer  that  no  one  is  working 

•/ 

/• 

on  this  re  I  at  ion. 

•/ 

/*  The  Maximum  length  of  one  of  the   »/ 

/•  executed  commands.  ♦/ 

/•  The  Maximum  length  of  the  combined*/ 

/•  options  to  a  command.  •/ 


struct  crkey  /•  Structure  for  the  .temper  files  */ 

\ 

char  key [CRYPTKEYLEN]; 


I; 


struct  cr 


/•  Structure  for  the  .crypt  files   •/ 


\. 


char  relet ion[DBLENGTH] ; 
char  key[CRYPTKEYLEN]; 
int  busybit; 


struct  cr  crypt; 
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otoi  (s) 
char  s[ ] ; 

i 

i  nt  i ,  n; 


n  =  0; 

for  (i=0;  s[i]  >»  '01  kk   s[ i ]  <=  '9' 

n  =  10  •  n  +  s[i ]  -  "0" ; 
return(n) ; 


■i) 
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finclude  "defines. h" 

extern  char  opt i on[COMMANDLENGTH] ; 

extern  char  excopy[COMMANDLENGTH] ; 

extern  char  database[DBLENGTH] ; 

extern  char  rel I i st [PATHLENGTH] ; 

extern  char  pathname[PATHLENGTH] ; 

•  * 

•  COPYDBCALL    • 

•  • 

•  Function:   This  routine  is  used  to  formulate  the  command  copydb. 

•  Input:   None. 

* 

•  Output:   A  screen  of  options. 

•  Returns:   SUCCESS  or  FAILURE. 

*/ 

copydbcal I () 
I 

char  optbuf[l00][3]; 
int  j,  i,  a,  differ; 

spr  i  nt  f  (opt  ion,  "/5s"  ,  "  "); 
ififdef  DEBUG 

pr i nt f ("excopy  =  %s\n" .excopy) ; 

pr i nt f ("opt i on  =  5s\n" , opt i on) ; 

pr i nt f ("copydbca I  I  database  =  %s\n" .database) ; 
#end  i f 

copydbmenuQ  ; 

for  ( i=0;  ; i++) 

I 

scanf("%s",  optbuffi]); 

/•  If  the  user's  response  is  'questionable',  show  the  menu  again  */ 
if  ((»optbuf[i]  =  '?')  ||  (.optbuf[i]  =  '\n')) 

copydbmenuQ ; 
cont  i  nue; 

i 

/»  If  the  user's  response  is  an  exit,  get  out  of  here  •/ 
if  ((«optbuf[i]  =  '2')  ||  (.optbuffi]  =  'q')) 

getchor() ; 
#ifdef  DEBUG 

pr i ntf (" i ns i de  the  ex  part  and  i  =  %d!\n",i); 
fendi  f 

for  (j=0;  j<-i;  j++) 

if  (copydbcheck(optbuf [j])  —  DONE) 

fifdef  DEBUG1 

printf("Got  to  just  after  copydbcheck  and  ret  urn i ng\n") ; 
fendi  f 

break; 

spr i nt f (pathname , "%s" , "    "); 

pr intf ("\nWhat  is  the  full  path  name  of  the  directory"); 

printf("  where  you  wish\nto  copy  the  files?   "); 
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gets(pothname) ; 
spr i nt f (excopy , "%s%s  %s  %s  %s" , "copydb" , opt i on, database , pathname , re  I  I i st ) ; 
#ifdef  DEBUG 

pr i nt f ("excopy  before  exec  =  %s\n" .excopy) ; 
#endif 

pr  intf  ("\n55s\n"  .excopy) ; 

if  (system(excopy)  =  FAILURE) 

syserr(101 ) ; 

retum(SUCCESS); 

/•  If  the  user's  response  is  a  number,  convert  it  and  process  it  •/ 
if '  ((•optbufp]  =  '1')  ||  (»optbuf[i]  =  '2')) 

#i  fdef    DEBUG 

printf("1-9  optbuf    [5Sd]   =  T.c   and   a  -  55d\n'\    i  .optbuf  [  i  ]  [0] ,    a); 
fendif 

cont  inue; 

\ 

pr i ntf ("\nOpt ion  %s  is  not  a  legitimate  opt i on.\n" , opt buf  [  i  ])  ; 
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| i nc I ude  "defines. h" 

extern  char  opt i on[COMMANDLENGTH] ; 


/••a**************** 

* 

•  COPYDBCHECK 
* 

a****************** 
• 

•  Function:   This  routine  is  used  to  check  and  prompt  the  user  for 

•  more  information  based  on  which  options  the  user  hos 

•  requested  for  the  copydb  command. 
• 

•  Input:   None. 

•  Output:   A  list  of  options. 

•  Returns:   The  options  to  be  executed. 

* 

•/ 

copydbcheck(pick) 
char  pick[3]; 

\ 

char  buf[5]; 
int  a.  m; 

a  =  atoi (pick) ; 

#ifdef  DEBUG 

printf("a  =  %d   and   pick  =  %s\n" , a , pick)  ; 
jjtendif 

swi  tch(o) 

I 

case    1  : 

printf("What  is  the  user's  login  name?   "); 

get  s(buf ) ; 

sprintf(opt  ion,  "%s  T.sZs"  ,opt  i  on,  "-u"  ,  buf )  ; 
#ifdef  DEBUG 

printf("in  case  1\n"); 

pr  i  nt  f  ("opt  i  on  =  5Js\n"  ,  opt  i  on)  ; 
#endi  f 

break; 

case  2: 
#ifdef  DEBUG 

printf("in  case  14\n"); 
#endi f 

return(DONE); 

break; 

default: 
break; 

I 

for  (m=0;  m<5;  m-H-) 
buffm]  =  0; 

return  (CONTINUE); 
i 
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•  • 

•  COPYDBMENU    * 

•  * 

• 

•  Function:   This  routine  is  used  to  print  the  options  of  the  UNIX 

•  command  copydb  to  the  user. 
* 

•  Input:   None. 
* 

•  Output:   A  screen  of  options. 

«  Returns:   The  options  to  be  executed. 

•/ 

copydbmenuQ 

\ 


pr  i  nt f ( 
pr  i  ntf ( 
pr  i  ntf ( 
pr i  ntf ( 
pr  i  ntf ( 
pr  i  ntf ( 
pr  i  nt f ( 


\n\n\n"); 

'\t\t\tcopydb  options\n"); 
'\t\t\t \n\n"); 

1)  -uname  =  specify  a  different  DBA  called"); 
' name ' .\n") ; 

2)  EXIT  =  exit  from  this  option  sess i on.\n") ; 
'\n\nPlease  enter  the  number  of  the  option  desired:  "); 
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finclude  "defines. h" 

extern  char  opt ion[COMMANDLENGTH] ; 
extern  char  excreatdb[COMMANDLENGTH] ; 
extern  char  databasefDBLENGTH] ; 

/••••it************** 

*  • 

*  CRCALL      • 

*  Function:   This  routine  is  used  to  formulate  the  command  creatdb. 

*  Input:   None. 

*  Output:   A  screen  of  options. 
* 

*  Returns:   The  options  to  be  executed. 

•/ 

crcal l() 

I 

char  optbuf [ie0][3]; 
i  nt  j ,  i ,  o,  di  f f er ; 

spr  i  nt  f  (opt  ion,  "7.s"  ,  "    "); 
#i  fdef  DEBUG2 

pr i nt f ("excreatdb  =  %s\n" .excreatdb)  ; 

pr i nt f ("opt i on  =  %s\n" , opt  ion) ; 

pr i nt f ("crca I  I  database  =  %s\n" , database) ; 
#endif 

c  rmenuQ  ; 

for  ( i=0;  ; i++) 

\ 

sconf("%s",  optbuf[i]); 
getcharQ  ; 

/*  If  the  user's  response  is  'questionable',  show  the  menu  again  »/ 
if  ((»optbuf[i]  =  '?')  ||  (»optbuf[i]  =  '\n')) 

i 

crmenu() ; 
cont  inue; 
I 
/•  If  the  user's  response  is  an  exit,  get  out  of  here  */ 
if  ((»optbuf[i]  =  '6')  ||  («optbuf[i]  =  'q')) 
i 
#i  fdef  DEBUG 

pr i ntf (" i ns ide  the  crex  part  and  i  =  %d!\n",i); 
#endi  f 

for  (j=0;  j<=i ;  j++) 

{ 

if  (crcheck(optbuf [j])  =  DONE) 

} 

fifdef  DEBUG 

printf("Got  to  just  after  crcheck  and  returni ng\n") ; 
#endif 

break; 
j 
i 

spr i ntf (excreatdb, "%s%s  55s"  ,  "c  r eat db" .opt  i  on, database) ; 
jjMfdef  DEBUG 

pr i ntf ("excreatdb  before  exec  =  %s\n" , excreatdb) ; 
#endif 

pr  i  nt  f  ("\nJ5s\n"  .excreatdb); 
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I 


if  (system(excreatdb)  =  FAILURE) 

syserr(l01 ) ; 
return(SUCCESS); 


/*  If  the  user's  response  is  a  number,  convert  it  and  process  it  •/ 
if  (f>optbuf[i]  >=  "I")  kk   («optbuf[i]  <-  'e')) 

I 

fifdef  DEBUG 

printf("1-9  optbuf  [J5d]  =  Zc   and  o  =  %d\n"  .  i  ,  optbuf  [  i  ]  [0]  ,  o); 
fendi  f 

cont  i  nue  , 

i 

pr i nt f ("\nOpt ion  %s    is  not  a  legitimate  opt  ion .\n" , optbuf [ i ])  ; 
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§ i  nc I ude  "def  i  nes . h" 

extern  char  opt i on[COMMANDLENGTH] ; 

*  * 

*  CRCHECK     * 

*  • 


•  Function:   This  routine  is  used  to  check  and  prompt  the  user  for 

•  more  information  based  on  which  options  the  user  has 
»  requested  for  the  creatdb  command. 

• 

•  Input:   None. 
» 

»  Output:   A  list  of  options. 
* 

•  Returns:   The  options  to  be  executed. 

*/ 

c  rcheck(pi  ck) 
char  pick[3]; 

char  buf[5]; 
i  nt  a; 

a  =  otoi (pi  ck) ; 

#i  fdef  DEBUG2 

printf("a  =  J5d  and  pick  =  %s\n" ,a , pi ck) ; 
fendif 

swi  tch(a) 

1 

case  1 : 

printf("Whot  is  the  user's  login  name?   "); 

get s(buf ) ; 

sprintf(option,  "55s  %sJ5s"  ,  opt  ion,  "-u"  ,  buf  )  ; 
#  i  f def  DEBUG2 

printf("in  case  1\n"); 

pr  intf  ("opt  ion  =  5Js\n"  ,opt  ion)  ; 
fendif 

break; 

case  2: 

sprintf(option, "%a   %s" , opt  ion, "— e") ; 
#i  fdef  DEBUG2 

printf("in  case  2\n"); 

pr  intf  ("opt  ion  =  5Cs\n"  ,opt  ion)  ; 
#endi  f 

break; 


case  3: 

spr  i  nt  f  (opt  ion  ,  "%s  T.s"  ,  opt  i  on  ,  "-m")  ; 
#ifdef  DEBUG2 

printf("in  cose  3\n"); 

pr  i  nt  f  ("opt  ion  =  /Ss\n"  ,opt  ion)  ; 
#endi  f 

break; 

case  4: 

whi le(TRUE) 

\ 

printf("Turn  On  (+)  or  Off  (-)  concurrency  control?   "); 
gets(buf )  ; 

if  ((buf[e]  =  •+•)  ||  (buf[e]  =  •-•)) 

break; 


Jun  13  13:34  1987   crcheck.c  Page  2 

} 

sprintf(opt  ion, "%s  %s%s" , opt  i  on , buf , "c") ; 
jjfifdef  DEBUG2 

pr i ntf ("opt i on  =  %s\n" , opt i on) ; 

printf("in  cose  4\n"); 
#endif 

break; 

case  5: 

whi le(TRUE) 

I 

printf ("Turn  On  (+)  or  Off  (-)  Query  Modification?   "); 
gets(buf ) ; 

if  ((buf[0]  =  •+•)  ||  (buf[0]  =  '-•)) 
break; 

} 

sprintf(opt  ion,  "5!s  %sJJs"  ,option,buf,"q"); 
#ifdef    DEBUG2 

pr int f ("opt i on  =  %s\n" ,opt ion) ; 

printf("in  case  5\n"); 
#endif 

break; 

case  6: 
#ifdef  DEBUG2 

printf("in  case  6\n"); 
#endif 

return(DONE); 

break; 

defaul t : 
break; 

} 
-  return  (CONTINUE); 
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•  » 
»      CRMENU      • 

•  • 

» 

•  Function:   This  routine  is  used  to  print  the  options  of  the  UNIX 

•  command  creatdb  to  the  user. 
• 

•  Input:   None. 
* 

•  Output:   A  screen  of  options. 

»  Returns:   The  options  to  be  executed. 
•/ 


crmenu() 


char  optbuf [100][3]; 
int  j ,  i ,  a,  differ; 


pr  i  nt f 
pr  i  nt f 
pr  i  nt f 
pr  i  nt f 
pr  i  nt f 
pr  i  nt  f 
pr  i  nt f 
pr  i  nt f 
pr  i  nt f 
pr  i  nt  f 
pr  i  nt  f 
pr  i  nt f 
pr  i  nt f 
pr  i  nt f 


"\n\n\n"); 

"\t\t\tcreatdb  options\n"); 

"\t\t\t \n\n"); 

1)  -uname  =  specify  a  different  DBA  called"); 
"  '  name'  An")  ; 

2)  -e  =  modify  options  for  an  existing  database .\n") ; 

3)  -m  =  specifies  that  the  UNIX  directory  in"); 

"  which  the  data  base\n\t\tis  to  reside  already  exists. \n"); 
"  4)  +/-c  =  turns  on  (+)  or  off  (-)  the  concurrency"); 
"  control  scheme. \n"); 

5)   +/-q  m    turns  on  (+)  or  off  (-)  query"); 
"  mod  i  f  icot  i  on  An")  ; 

$)   EXIT  ■  exit  from  this  option  session. \n") ; 
"\n\nPlease  enter  the  number  of  the  option  desired:  "); 
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jjf  i  nc  I  ude  "def  i  nes  .  h" 

extern  char  opt i on[COMMANDLENGTH] 
extern  char  exdest  [CCHyMANDLENGTH] 
extern  char  database[DBLENGTH] ; 


'**•*•*•***•••••**** 


DESTCALL 


••••a************** 
• 

•  Function:   This  routine  is  used  to  formulate  the  command 

•  destroydb. 
• 

•  Input :   None. 
* 

«  Output:   A  screen  of  options. 

•  Returns:   The  options  to  be  executed. 

destcal I () 

\ 

char  optbuf [100][3]; 
int  j ,  i ,  o.  di  f f er  ; 

spr  i  nt  f  (opt  i  on,  "25s"  ,  "  "); 
#ifdef  DEBUG2 

pri  nt  f  ("exdest   =  Jls\n"  , exdest )  ; 

pr  i  nt  f  ("opt  i  on  =  55s\n"  ,opt  ion)  ; 

printf("dest  database  =  J5s\n" , database) ; 
#endif 

destmenu() ; 
for  (i=>0;  ;i++) 
I 

scanf("55s",  optbuf[i]); 

/•  If  the  user's  response  is  'questionable',  show  the  menu  oga i n  */ 
if  ((•optbufpj  =  '?')  ||  (»optbuf[i]  =  '\n')) 

I 

destmenu() ; 
cont  i  nue ; 

\ 
/*    If  the  user's  response  is  an  exit,  get  out  of  here  •/ 
if  ((«optbuf[i]  =  '3')  ||  (»optbuf[i]  =  'q')) 

I 

#ifdef  DEBUG 

pr i nt f (" i ns ide  the  destex  part  and  i  =  5Jd!\n",i); 
fendif 

for  (j=0;  j<»i ;  j++) 

if  (destcheck(optbuf [j])  =  DONE) 

1 

#ifdef  DEBUG1 

printf("Got  to  just  after  ingcheck  and  ret urni ng\n") ; 
#endi  f 

break; 
i 
\ 

sprintf(exdest,"J5s%s  5!s","destroydb",option,  data  base); 
#ifdef    DEBUG 

pr i ntf ("exdest    before    exec   =  5Ss\n" .exdest ) ; 
#endi  f 

pr  i  nt  f  ("\n?5s\n"  .exdest)  ; 
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if  (system(exdest)  =  FAILURE) 

J 

syser r( 101 ) ; 

! 

return(SUCCESS); 

! 

/*  If  the  user's  response  is  a  number,  convert  it  and  process  it  •/ 
if  ((»optbuf[i]  >=  '1')  **  (»optbuf[i]  <=  '3')) 

fifdef  DEBUG 

printf("1-9  optbuf  [J5d]  =  Zc   and  a  ■  J5d\n"  .  i  .optbuf  [  i  ]  [0]  ,  a); 
#endif 

cont  i  nue ; 
I 
pr i nt f ("\nOpt i on  Xs    is  not  a  legitimate  opt  ion .\n" .optbuf flj); 

I 
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jjlinclude  "defines,  h" 

extern  char  opt i on[COMMANDLENGTH] ; 

•  * 

•  DESTCHECK     » 

•  • 
••A***************** 
• 

•  Function:   This  routine  is  used  to  check  and  prompt  the  user  for 
«  more  information  based  on  which  options  the  user  has 

•  requested  for  the  destroydb  command. 
• 

•  Input:   None. 

•  Output:   A  list  of  options. 

•  Returns:   The  options  to  be  executed. 

* 

•/ 

destcheck(pick) 
char  pick[3]; 

\ 

char  buf[5]; 
i  nt  a; 

a  =  atoi (pick) ; 

#ifdef  DEBUG 

printf("o  ■  %d  and  pick  =  %s\n" ,a, pick) ; 
#endif 

swi  tch(a) 

case  1 : 

sprintf(option,  "55s  %s" , opt  ion,  "— s")  ; 
#ifdef  DEBUG 

printf("in  case  1\n"); 

pr  int  f  ("opt  ion  =  55s\n"  ,  opt  ion)  ; 
#endi  f 

break; 

case  2: 

sprintf(opt  ion, "%s  %s" , opt  i  on , "-m") ; 
#ifdef  DEBUG 

pr int f ("opt i on  =  %s\n" , opt  ion) ; 

printf("in  case  2\n"); 
fendif 

break; 

case  3: 
#i  f def  DEBUG 

printf("in  case  3\n"); 
fendif 

getchar() ; 

return(DONE); 

break; 


! 


default: 
break; 

\ 

return  (CONTINUE); 
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•  * 

*  DESTMENU     • 


*•••••*•****«•*••*•• 


•  Function:   This  routine  is  used  to  print  the  options  of  the  UNIX 

•  command  destroydb  to  the  user. 
* 

•  Input:   None. 

•  Output:   A  screen  of  options. 

•  Returns:   The  options  to  be  executed. 


destme 

\ 

pri 
pri 
pri 
pri 
pri 
pri 
pri 
pri 
pri 


nu() 

ntf 
ntf 
ntf 
ntf 
ntf 
ntf 
ntf 
ntf 
ntf 


"\n\n\n"); 

"\t\t\tdest roydb  options\n"); 

"\t\t\t \n\n"); 

"      1)   -s  =  INGRES  superuser  must  use  this  to  execute"); 
"  dest roydb. \n") ; 

2)  -m  =  specifies  that  the  UNIX  directory  in"); 
"  which  the  data  base\n\t\t res i des  is  not  to  be  removed  An") ; 

3)  EXIT  =  exit  from  this  option  sessi on.\n") ; 
"\n\nPlease  enter  the  number  of  the  option  desired:  "); 
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finclude  "defines. h" 

extern  char  opt i on[COMMANDLENGTH] ; 
extern  char  exhel pr[COMMANDLENGTH] ; 
extern  char  database[DBLENGTH] ; 
extern  chor  rel I i st [PATHLENGTH] ; 

•  • 
»    HELPRCALL     * 

•  • 

•  •••••to*********** 

•  Function:   This  routine  is  used  to  formulate  the  command  helpr. 
* 

•  Input:   None. 

•  Output:   A  screen  of  options. 

•  Returns:   SUCCESS  or  FAILURE. 

« 

•/ 

helprcal I () 

I 

char    optbuf [100][3]  ; 
i  nt    j  ,     i ,    a,    differ; 

spr i nt f (opt i on ,  "%s"  ,  "    "); 
#ifdef   DEBUG2 

pr  i  nt  f  ("exhe  I  pr  =  J5s\n"  ,exhe  I  pr)  ; 

pr  i  nt  f  (opt  ion  =  55s\n"  ,opt  ion)  ; 

pr i nt f ("he  I prcal I  database  =  %s\n" , database)  ; 
#endif 

he  I prmenu() '< 

for  (i=0;  ;i++) 
I 

scanf("%s",  optbuf[i]); 

/•  If  the  user's  response  is  'questionable',  show  the  menu  again  •/ 
if  ((»optbuf[i]  —  '?')  ||  (»optbuf[i]  =  '\n')) 

he  I prmenu() : 

cont  inue; 
\ 
/•  If  the  user's  response  is  an  exit,  get  out  of  here  •/ 
if  ((»optbuf[i]  =  '3')  ||  (»optbuf[i]  =  'q')) 

getchar() ; 
#ifdef  DEBUG2 

pr i nt f (" i ns i de  the  helprex  part  and  i  =  55d!\n",i); 
#endi  f 

for  (j»0;  j<=i  ;  j-H-) 

if  (helprcheck(optbuf[j])  =  DONE) 

#ifdef  DEBUG2 

printf("Got  to  just  after  helprcheck  and  return i ng\n") 
#endi  f 

break ; 

.     ' 

sprintf(exhelpr,  "7.s7.s   Zs   JSs"  ,  "he  I  pr"  ,  opt  i  on  .database  ,  re  I  I  i  st)  ; 
#ifdef  DEBUG 

pr  int f ("exhe  I  pr  before  exec  =  %s\n" , exhe  I  pr)  ; 
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#endif 

pr  i  nt  f  ("\nJ5s\n"  , exhe I pr )  ; 

if  (system(exhelpr)  =  FAILURE) 

I 

syser r( 101 ) ; 

I 

return(SUCCESS); 

/*  If  the  user's  response  is  o  number,  convert  it  and  process  it  •/ 
if  ((»optbuf[i]  >=  'T)  kk   (.optbuffi]  <=  '3')) 

\ 

#i  f def  DEBUG2 

printf("1-9  optbuf  [Xd]  =  %c  and  a  =  %d\n",  i .optbuf [ i ][0] ,  a); 
#end if 

cont  i  nue; 

pr i nt f ("\nOpt i on  %s    is  not  a  legitimate  opt i on. \n" .optbuf [ i ]) ; 

! 
\ 
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(((include  "defines,  h" 

extern  opt ion[COMMANDLENGTH] ; 

/•***•*******•*•••*•* 

»     HELPRCHECK    • 

•  » 
•***»*•**»*** ******* 
• 

•  Function:   This  routine  is  used  to  check  and  prompt  the  user  for 
»  more  information  based  on  which  options  the  user  has 

•  requested  for  the  helpr  command. 
• 

•  Input:   None. 

»  Output:   A  list  of  options. 
* 

•  Returns:   The  options  to  be  executed. 

* 

he  I prcheck(pick) 
char  pick[3]; 

{ 

char  buf[5]; 
i  nt  a,  in; 

a  =  atoi (pi  ck) ; 

#ifdef  DEBUG 

printf("a  =  7.d   and  pick  =  55s\n"  ,a,  pi  ck)  ; 
#endi  f 

swi  tch(a) 

{ 

case  1 : 

printf("What  is  the  user's  login  name?   "); 

gets(buf ) ; 

sprintf(opt  ion, "%s  %s%s" , opt  i  on, "-u" , buf ) ; 
#i  f def  DEBUG 

printf("in  case  1\n"); 

pr i nt f ("opt  ion  =  %s\n" , opt i on) ; 
#endi  f 

break; 

case  2: 

whi le(TRUE) 
i 

printf("Woi t  (+)  or  Do  Not  Wait  (-)  for  the  Data  Base?   "); 
gets(buf ) ; 

if  ((buf[0]  =  •+•)  ||  (buf[0]  =  •-•)) 
break; 
I 

sprintf(opt  ion,  "Zs  /5sJ5s"  ,  opt  i  on,  buf  ,  "w")  ; 
#ifdef    DEBUG 

pr  i  nt  f  ("opt  ion  =  55s\n"  ,opt  i  on)  ; 
printf("in   case   2\n"); 
ifendif 

break; 

case  3: 
#i  fdef  DEBUG 

printf("in  case  3\n"); 
#endi  f 

return(DONE); 

break; 

def aul t : 
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break ; 

i 

for  (m=0;  m<5;  m++) 
buf[m]  =  0; 
#ifdef  DEBUG 

printf  ("»buf  =  J5s\n",buf); 
#endif 


return  (CONTINUE); 
I 
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/•••••a************* 
.     HELPRMENU 


••*•*•••*••***•***• 


•  Function:   This  routine  is  used  to  print  the  options  of  the  UNIX 

•  command  helpr  to  the  user. 
• 

•  Input:   None. 

•  Output:   A  screen  of  options. 

•  Returns:   The  options  to  be  executed. 

he  I  prmenuQ 


pr  i  ntf  ( 
pr  i  nt f ( 
pr  i  nt f ( 
pr  i  ntf ( 
pr  i  ntf ( 
pr  i  ntf ( 
pr  i  ntf ( 
p  r  i  n  t  f  ( 


•\n\n\n"): 
\t\t\thelpr  options\n"); 

•\t\t\t \n\n"); 

1)   -uname  =  specify  a  different  DBA  called"); 
'  ' name' .\n") ; 

*      2)  +/-w  =  wait/do  not  woit  for  the  data  base.\n"); 
'      3)   EXIT  »  exit  from  this  option  sessi on.\n") ; 
'\n\nPlease  enter  the  number  of  the  option  desired:  "); 
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finclude  "defines. h" 

extern  char  opt  i  on[COMMANDI_ENGTH]  ; 
extern  char  ex i ngresfCOMMANDLENGTH] ; 
extern  char  dotabase[DBLENGTH] ; 

•  » 

•  INGRESCALL    * 


•  Function:   This  routine  is  used  to  formulate  the  command  ingres. 
* 

•  Input:   None. 
* 

•  Output:   A  screen  of  options. 

»  Returns:   SUCCESS  or  FAILURE. 

i  ngresca I  I () 

char  optbuf[100][3]; 
i  nt  j ,  i ,  a,  di  f f er ; 

spr i nt f (opt  ion , "Zs" , "    "); 
#i  fdef  DEBUG 

pr  i  nt  f  ("exi  ngres  =  55s\n"  ,  ex  i  ngres)  ; 

pr  i  nt  f  ("opt  i  on  =  55s\n"  ,  opt  ion)  ; 

pr i nt f (" i ngrescal I  database  =  %s\n" .dotobase) ; 
#endi  f 

i  ngmenu( ) ; 

for  (i=0;  ; i4+) 
i 

scanf("%s",  optbuf [i j); 

/*  If  the  user's  response  is  'questionable',  show  the  menu  again  •/ 
if  ((optbuf[i][0]  —  '?')  ||  (optbuf[i][0]  =  '\n')) 

i  ngmenuQ  ; 
cont  i  nue; 

I 

/•  If  the  user's  response  is  an  exit,  get  out  of  here  •/ 

if  (((optbuf [i][0]  =  '1')  kk    (optbuf [i][l]  =  '4')) 
||  (*optbuf[i]  —  'q')) 

getchar() ; 
fifdef  DEBUG 

pr i nt f (" i ns ide  the  ex  part  and  i  =  9Mt\n",l); 
#endif 

for  (j=0;  j<=i ;  j++) 

if  (ingcheck(optbuf [j])  =  DONE) 

fifdef  DEBUG 

printf("Got  to  just  after  ingcheck  and  ret  urn i ng\n") ; 
fendi  f 

break; 
\ 
\ 

sprintf(exi  ngres,  "55s%s  7.s"  ,  "  i  ngres"  ,  opt  i  on  ,  database)  ; 
fifdef  DEBUG 

pr i ntf ("ex i ngres  before  exec  =  5Js\n" , ex i ngres) ; 
#endif 
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pr  i  nt f ("\n%s\n" , ex  i  ngres) ; 

if  (system(ex i ngres)  =  FAILURE) 

i 

syserr(101 ) j 

I 

return(SUCCESS); 

! 

/•  If  the  user's  response  is  a  number,  convert  it  and  process  it  •/ 
if  ((»optbuf[i]  >=  '1")  t*  (»optbuf[i]  <»  '9')) 

\ 

#ifdef  DEBUG 

printf("1-9  optbuf  [5Sd]  =  7.c   and  a  =  J5d\n",  i  ,  optbuf  [  i  ]  [0]  ,  a); 
#endif 

cont  inue; 

! 

pr i nt f ("\nOpt ion  55s  is  not  a  legitimate  opt i on. \n", optbuf [ i ]) ; 
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#  i  nc  I ude  "def  i  nes . h" 

extern  char  opt i on[COMMANDLENGTH] ; 

*  • 

•  INGCHECK    » 

*  * 

* 

*  Function:   This  routine  is  used  to  check  and  prompt  the  user  for 

*  more  information  based  on  which  options  the  user  has 

•  requested  for  the  ingres  command. 
• 

•  Input:   None. 

•  Output:   A  list  of  options. 
* 

»  Returns:   The  options  to  be  executed. 

» 

•/ 

i  ngcheck(pi  ck) 
char  pick[3]; 

I 

char  buf [5] ; 
i  nt  a ,  m ; 

a  =  otoi (pi  ck)  ; 

# if def  DEBUG 

printf("a   =  J5d   and   pick  =  ?Js\n"  ,a  ,  pick)  ; 
#endi  f 

swi  tch(o) 

I 

cose    1  : 

whi le(TRUE) 

\ 

printf ("Enable  (+)  or  Disable  (-)  Direct  Update?   "); 
get s(buf ) ; 

if  ((buf[0]  =  •+•)  ||  (buf[0]  =  •-')) 
break; 
i 

sprintf(option,  "%s  J5s/5s"  ,option,buf,"U"); 
# if def  DEBUG 

printf f" in  case  1\nM); 
pr i nt f ("opt  ion  =  J5s\n"  ,  opt  i  on)  ; 
#endif 

break; 

case  2: 

printf("What  is  the  user's  login  name?   "); 

get s(buf ) ; 

sprintf(option,"?5s  ZsZs" ,option,"-u",buf); 
#i  f def    DEBUG 

printf("in  case  2\n"); 

pr  i  nt  f  ("opt  ion  =  55s\n"  ,opt  ion)  ; 
fendif 

break; 

case   3: 

printf("What  is  the  minimum  field  width?   "); 
get s(buf ) ; 

sprintf(option,  "55s  JtsJJs"  ,  opt  i  on,  "— e"  ,  buf )  ; 
#i  f def    DEBUG 

printf("in   case  3\n"); 

pr  i  nt  f  ("opt  ion  =  5Js\n"  ,opt  ion) ; 
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fendi  f 

break; 

case  4: 

printf("Whot  is  the  integer  output  field  width?   "); 

gets(buf ) ; 

sprintf(option,  "55s  55s5Js"  ,  opt  ion  ,  "-i  "  ,  buf ) ; 
#i  f def    DEBUG 

pr  intf  ("opt  ion  »  5Js\n"  ,opt  i  on)  ; 

printf("in  case  4\n"); 
#endif 

break; 

case  5: 

printf("Set  the  floating  point  output  field  width  to  M"); 

printf("  characters  with  N  decimal  places. \n"); 

printf("Whot  is  the  IxM.N  parameter?   "); 

gets(buf ) ; 

sprintf(option.  "55s  55s5Js"  ,  opt  ion,  "-f  "  ,  buf  )  ; 
#ifdef    DEBUG 

pr  i  nt  f  ("opt  ion  =  55s\n"  .opt  ion)  ; 

printf("in  case  5\n"); 
fendi  f 

break; 

case  6: 

printf("What  is  the  column  separator?   "); 

get  s ( buf  )  ; 

sprintf(opt  ion,  "55s  55s55s"  ,opt  ion,  "-v"  ,  buf  )  ; 
#ifdef    DEBUG 

pr  i  nt  f  ("opt  ion  =  55s\n"  ,opt  ion)  ; 

printf("in  case  6\n"); 
fendi f 

break; 

case  7: 

printf("What  is  the  modify  mode  on  the  retrieve  command?   "); 

gets(buf ) ; 

sprintf(option,  "55s  55s55s"  ,  opt  ion,  "-r"  ,buf  ) ; 

#  i  f def    DEBUG 

pr  intf  ("opt  ion  =  55s\n"  .opt  i  on)  ; 
printf("in  case  7\n"); 
fendif 

break; 

case  8: 

printf("Whot  is  the  modify  mode  on  the  index  command?   "); 

gets(buf ); 

sprintf(opt  ion,  "55s   55s55s"  ,opt  ion,  "-n"  ,  buf )  ; 

#  i  f def    DEBUG 

pri  nt  f  ("opt  i  on  =  55s\n"  ,opt  i  on)  ; 
printf("in  case  8\n"); 
fendif 

break; 

case  9: 

whi le(TRUE) 
I 

pr intf ("Enable  (+)  or  Disable  (-)  Autoclear  Option?   "); 
get s(buf ) ; 

if  ((buf[0]  —  •+')  ||  (buf[0]  =  •-•)) 
break; 
\ 

sprintf(opt  ion,  "55s  55s55s"  ,  opt  ion,  buf  ,  "a")  ; 
#ifdef  DEBUG 

pr  i  nt  f  ("opt  i  on  =  55s\n"  ,  opt  i  on)  ; 
printf("in  case  9\n"); 
#endif 

break; 
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case  10: 

whi le(TRUE) 

printf ("Enable  (+)  or  Disable  (-)  Batch  Update?   "); 
gets(buf ) ; 

if  ((buf[0]  =  '+•)  ||  (buf[0]  —  '-•)) 
break; 

i 

sprintf(opt  ion,  "Zs   JJsXs"  ,  opt  ion  ,  buf  ,  "b")  ; 
fifdef  DEBUG 

printf ("opt  ion  »  %s\n" ,opt ion)  ; 

printf("in  case  10\n"); 
#endi  f 

break; 

case  1 1 : 

whi le(TRUE) 

printf("Print  (+)  or  Do  Not  Print  (-)  the  Dayfile?   "); 
get s(buf ) ; 

if  «buf[0]  =  •+')  ||  (buf[0]  =  •-•)) 
break; 

\ 

sprintf(opt  ion,  "JJs  %sJ5s"  ,  opt  ion,  buf  ,  "d")  ; 
#i  fdef  DEBUG 

pr i ntf ("opt i on  =  %s\n" , opt  ion)  ; 

printf("in  case  11\n"); 
#endif 

break; 

case  12: 

whi le(TRUE) 

I 

printf ("Print  (+)  or  Do  Not  Print  (-)  Monitor  Messages?   "); 
gets(buf ) ; 

if  ((buf[0]  =  •+•)  ||  (buf[0]  =  '-')) 
break; 

i 

sprintf(opt  ion,  "Xs   J5s55s"  ,  opt  ion,  buf  ,  "s")  ; 
#i  fdef  DEBUG 

printf ("opt i on  =  %s\n" ,opt ion) ; 

printf("in  case  12\n"); 
#endif 

break; 

case  13: 

whi le(TRUE) 

I 

printf("Wait  (+)  or  Do  Not  Wait  (-)  for  the  Data  Base?   "); 
gets(buf ) ; 

if  ((buf[0]  =-  •+•)  ||  (buf[0]  =  '-•)) 
break; 

i 

sprintf(opt  ion,  "%s  %sJ!s"  ,  opt  ion,  buf ,  "w")  ; 
#ifdef    DEBUG 

pr  i  nt  f  ("opt  i  on  =  5Ss\n"  ,opt  ion)  ; 

printf("in  case  13\n"); 
#endif 

break; 

case  14: 
#i  fdef  DEBUG 

printf("in  case  14\n"); 
#endi  f 

return(DONE); 

break; 

def au I t : 
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break; 

} 

for  (m=0;  m<5;  m++) 
buf[m]  =  0; 
#i  fdef  DEBUG 

printf("»buf  =  %s\n",buf); 
|endi  f 

return  (CONTINUE); 

i 
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•**•••*•••**••*••• 


I NGMENU 


>*•*•*»*•••*•••*** 


Funct  i  on : 


This  routine  is  used  to  print  the  options  of  the  UNIX 
command  ingres  to  the  user. 


Input:   None. 

Output:   A  screen  of  options. 

Returns:   The  options  to  be  executed. 


/ 

i  ngmenuQ 

i 


\n"); 

\t\t\t ingres  options\n"); 
\t\t\t \n"); 

1)  +/-U   =  enable/disable  d 
system  re  I  at i ons\n\t\t\t and  seco 

2)  -uname  =  specify  a  diff 
'  name'  An") ; 

3)  -cN  =  set  the  minimum  f 
charoct er\n\t\t\tdomai ns  to  N.\n 

4)  —  i 1 N  =  set  integer  outp 

5)  -f IxM.N  =  set  f looting 
width  to  M  characters\n\t\t\twi t 

6)  -vX  =  set  the  column  se 
to  the  terminal  ond\n\t\t\t pr i nt 

7)  -rM  =  set  modify  mode  o 
command  to  M.\n"); 

8)  -nM  =  set  modify  mode  o 
to  M.\n"); 

9)  +/— a  ■  set/clear  the  au 
the  terminal  mode.\n"); 

10)  +/-b  =  set/reset  batch 

11)  +/-d  ■  print/do  not  pri 

12)  +/-S  =  print/do  not  pri 
messages  An") ; 

13)  +/-w  =  wait/do  not  wait 

14)  EXIT  =  exit  from  this  o 


pr 

ntf 

pr 

ntf 

pr 

ntf 

pr 

ntf 

pr 

ntf 

pr 

ntf 

pr 

ntf 

pr 

ntf 

pr 

ntf 

pr 

ntf 

Pr 

ntf 

pr 

ntfl 

Pr 

ntf  I 

pr 

ntfl 

pr 

ntfl 

pr 

ntf 

pr 

ntf 

pr 

ntf 

pr 

ntf 

pr 

ntfl 

pr 

ntf  ( 

pr 

ntf  ( 

pr 

ntf( 

pr 

ntf( 

pr 

ntf  ( 

pr 

ntf  ( 

pr 

ntf( 

II' 

pr 

ntf  ( 

irect  update  of  the"); 
ndary  i  nd  i  ces .\n") ; 
erent  DBA  cal led") ; 

ield  width  for  printing"); 

"): 

ut  field  width  to  N.\n"); 
point  output  field"); 
h  N  decimal  places. \n"); 
porator  for  retrieves"); 

commands  to  be  X.\n"); 
n  the  retrieve"); 

n  the  index  command"); 

toe  I  ear  opt  ion  i  n") ; 

update. \n") ; 

nt  the  doyf  i le.\n") ; 

nt  any  of  the  monitor"); 

for  the  database. \n") ; 
ption  sess i on .\n") ; 


\nPlease  enter  the  numbers  of  the  options  desired. 
You  must  finish\nwith  14  for  EXIT  or  'q'  for  QUIT: 


"); 
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•  LOCKBOX      » 

•  • 

• 

•  Function:   This  routine  will  handle  the  concurrency  problem  of 

•  two  users  wanting  to  access  the  same  encrypted  relation 

•  at  the  same  time.   Before  reading,  checking  and 

•  modifying  a  .crypt  file's  busy  bit,  run  "lockbox". 
»  After  the  change  has  taken  ploce  run  "unlockbox". 

• 

•  Input:   None. 
* 

•  Output:   None. 
* 

•  Returns:   An  OK  to  open  the  .crypt  file. 

•/ 

#include  <stdio.h> 

I ockbox( ) 

FILE  .fptr; 
int  i ,  j ; 

for  (i=0;  i<50;  i++) 
{ 

if  (( j=occess("/usr/ingres/lock. box" ,0))  =  -1 ) 

if  ((fptr  =  fopen("/usr/ingres/lock.box",  "a+"))  !=  NULL) 

f c I ose( fptr); 
return(  0  ); 

\ 

e  I  se 

fprintf (stderr, "Can" t  create  /usr/i ngres/lock. box  file\n"); 

sleep(l); 
I 

fprintf (stderr ."INGRES  Front  End  times  out  waiting  on  lockbox\n"); 
return(  -1  ) ; 
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•  * 

*  MENU        • 


»*••*•*****•**••*• 


»  Function: 


This  routine  is  used  to  print  the  options  of  the  INGRES 
related  UNIX  commands  to  the  User  in  o  menu  type  format. 


•  Input:   None. 
* 

•  Output:   A  screen  of  options. 
* 

•  Returns:   The  command  number  to  be  executed  =  pick. 


menu() 

1 

pr  i  nt f 

("\n\n\n"): 

pr  i  nt f 

( "   Be  1 ow 

pr  i  nt  f 

("      1) 

pr  i  ntf 

("      2) 

pr  i  nt f 

("  data  bas 

pr  i  nt f 

"      3) 

pr  i  nt f 

("      4) 

pr  i  nt f 

("      5) 

pr  i  nt f 

("      6) 

pr  i  nt f 

("  manogeme 

pr  i  nt f 

("      7) 

pr  i  nt  f 

["  access  t 

pr  i  nt  f 

("      8) 

pr  i  ntf 

("      9) 

pr  i  nt  f 

["  re  lot  ion 

pr  i  nt f 

("     10) 

pr  i  ntf 

C     11) 

pr  i  ntf 

("  storage 

pr  i  nt  f 

("     12) 

are  the  INGRES  relot 
CHANGEKEY  -  change 
COPYDB  -  create  bat 

se  and  restore  i  t .\n" 
CREATDB  -  create  a 
DESTROYDB  -  destroy 
HELPR  -  get  informa 
INGRES  -  INGRES  re  I 

snt  system. \n"); 
L1STREL  -  list  rela 

to  in  a  certai  n  data 
PRINTR  -  print  rela 
PURGE  -  destroy  a  I  I 

is.\n") ; 
RESTORE  -  recover  f 
SYSMOD  -  modi  fy  sys 
st  ructures .\n") ; 
EXIT  -  exit  from  th 


ed  UNIX  commands  ova i I ab I e :\n\n") ; 
a  relation's  key.\n"); 
ch  files  to  copy  out  a"); 

); 

data  base.\n"); 
an  existing  data  base.\n"); 
t i on  about  a  data  base.\n"); 
ational  data  base"); 

t  i  ons  a  user  has") ; 
base .\n") ; 
t  i  ons .\n") ; 
expired  and  temporary"); 

rom  an  INGRES  or  UNIX  crash. \n"); 
tern  relations  to  predetermined"); 


is  user's  sess ion.\n") ; 
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#i  nc I ude  "def  i  nes . h" 

extern  char  opt ionfCOMMANDLENGTH] ; 

extern  char  expr i nt r[ COMMAND LENGTH] ; 

extern  char  database[DBLENGTH] ; 

extern  char  re  I  I i st [PATHLENGTH] ; 


•  • 

•  PRINTRCALL    • 

•  * 


•  Function:   This  routine  is  used  to  formulate  the  command 

•  pr  int  r . 
• 

•  Input:   None. 

•  Output:   A  screen  of  options. 

•  Returns:   The  options  to  be  executed. 

* 

pr  i  nt  rca I  I () 

char  optbuf [100][3]; 
int  j  ,  i,  a,  differ; 

spr  int  f  (opt  i  on,  "55s"  ,  "  "); 
#i  f def  DEBUG 

pr i nt f ("expr i nt r  =  %s\n" ,expr i nt r) ; 

pr i nt f ("opt i on  =  %s\n" , opt i on) ; 

pr i nt f ("pr i nt r   database  =  55s\n" ,  database)  ; 
fendif 

pr  i  nt  rmenu() ; 

for  ( i=0;  ; i++) 

I 

sconf("/!s",  optbuf[i]); 
getchorQ  ; 

/•  If  the  user's  response  is  'questionable',  show  the  menu  again  */ 
if  ((*ept buffi]  =  '?')  ||  (»optbuf[i]  =  '\n')) 

» 

pr  i  nt  rmenu() ; 
cont  i  nue; 

\ 

/•  If  the  user's  response  is  an  exit,  get  out  of  here  •/ 
if  ((.optbuffi]  —  '7')  ||  (•optbuffi]  =  'q')) 

I 

fifdef  DEBUG 

pr  i  nt  f  ("  i  ns  ide  the  printrex  part  and  i  =  J5d!\n",i); 
fendif 

for  (j=0;  j<=i ;  j++) 

if  (printrcheck(optbuf [j])  =  DONE) 
break; 

I 

sprintf(exprintr,"/5s/5s  %s  ?5s","printr",option,database,rellist); 
#i  f def    DEBUG 

pr i nt f ("expr i nt r    before    exec   =  /5s\n" , expr i nt r) ; 
#endi  f 

printf("\n/5s\n",exprintr); 

if  (system(exprintr)  =  FAILURE) 
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syser  r(101 ) ; 
re  turn (SUCCESS); 

i 
/*  If  the  user's  response  is  a  number,  convert  it  and  process  it  »/ 
if  ((•optbuffi]  >=  '1')  kk   (»optbuf[i]  <=  '7')j 

i 

#ifdef  DEBUG 

printf("1-9  optbuf  [%d]  =  7.c   and  a  =  5!d\n",  i  ,  optbuf  [  i  ]  [0]  ,  a); 
#endif 

cont  i  nue ; 

I 

pr i nt f ("\nOpt i on  %s    is  not  a  legitimate  opt i on.\n" ,opt buf [ i J)  ; 

I 
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finclude  "defines. h" 

extern  char  opt  i  on[COMMANDI_ENGTH]  ; 

•  * 

•  PRINTRCHECK    * 

* 

•  Function:   This  routine  is  used  to  check  and  prompt  the  user  for 

•  more  information  based  on  which  options  the  user  has 

•  requested  for  the  printr  command. 
• 

•  Input:   None. 
* 

•  Output:   A  list  of  options. 

•  Returns:   The  options  to  be  executed. 

•/ 

pr  i  nt  rcheck(pi  ck) 
char  pick[3]; 

I 

char  buf [5] ; 
i  nt  a,  m ; 

a  =  atoi (pick) ; 

fifdef  DEBUG 

printf("a  =  %d   and   pick  =  55s\n"  ,a.  pi  ck)  ; 
#end if 

swi tch(a) 

i 
case    1 : 

printf("Whot  is  the  user's  login  name?   "); 

gets(buf ) ; 

sprintf(opt  ion,  "55s  55s55s"  ,  opt  i  on,  "-u"  ,  buf  ) ; 
fifdef    DEBUG 

printf("in  case  1\n"); 

pr  i  nt  f  ("opt  i  on  =  55s\n"  ,  opt  ion)  ; 
#endif 

break; 

case  2: 

printf("What  is  the  minimum  field  width?   "); 

gets(buf); 

sprintf(option, "55s  55s55s" , opt  i  on, "-c" , buf ) ; 
#ifdef    DEBUG 

printf("in  case  2\n"); 

pr  i  nt  f  ("opt  i  on  =  55s\n"  ,opt  ion)  ; 
#endif 

break ; 

case  3: 

printf("What  is  the  integer  output  field  width?   "); 

gets(buf ) ; 

sprintf(opt  ion,  "55s  55s55s"  ,  opt  i  on,  "-i  "  ,  buf )  ; 
#ifdef    DEBUG 

pr  i  nt  f  ("opt  i  on  =  J5s\n"  ,  opt  ion)  ; 

printf("in  case  3\n")-;_ 
#endif 

break; 

case  4: 

printf("Set  the  flooting  point  output  field  width  to  M"); 
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printf("  characters  with  N  decimal  places. \n"); 

printf("What  is  the  IxM.N  parameter?   "); 

gets(buf ) ; 

spr  i  nt f (opt  ion, "Zs   %s%s" , opt  i  on, "— f " , buf ) ; 
fifdef  DEBUG 

pr  i  nt  f  ("opt  ion  =  55s\n"  ,  opt  ion) ; 

printf("in  case  4\n"); 
lend  if 

break; 

case  5: 

printf("Whot  is  the  column  separator?   "); 

get  s( buf )  ; 

sprintf(option,  "%s  %s?Js"  ,  opt  i  on,  "-v"  ,  buf  )  ; 
#i  fdef  DEBUG 

pr  i  nt  f  ("opt  ion  =  J5s\n"  ,  opt  ion)  ; 

printf("in  case  5\n"); 
fendif 

break; 

case  6: 

whi le(TRUE) 

printf("Wait  (+)  or  Do  Not  Wait  (-)  for  the  Data  Base?   "); 
get s(buf ) ; 

if  ((buf[0]  =  ■  +  •)  ||  (buf[0]  =  •-')) 
break; 

I 

sprintf(option,  "%s  %sJJs" , opt  i on , buf , "w")  ; 

#i  fdef  DEBUG 

pr  i  nt  f  ("opt  ion  =  55s\n"  ,  opt  ion) ; 

printf("in  case  6\n"); 
#endi  f 

break; 

cose  7: 
#i  fdef  DEBUG 

printf("in  case  7\n"); 
jfend  i  f 

return(DONE); 

break; 

def au I t : 
break; 

for  (m=0;  nt<5;  m-H-) 

buf[m]  =  0; 
fifdef  DEBUG 

printf ("»buf  =  %s\n",buf); 
fend  i  f 

return  (CONTINUE); 

i 
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.     PRINTRMENU 

• 

•  Function:   This  routine  is  used  to  print  the  options  of  the  UNIX 

•  command  printr  to  the  user. 

•  Input :   None . 
* 

•  Output:   A  screen  of  options. 
* 

•  Returns:   The  options  to  be  executed. 

•/ 


pr  i  nt  rmenu() 
\ 


pr  i  nt 
pr  i  nt 
pr  i  nt 
pr  i  nt 
pr  i  nt 
pr  i  nt 
pr  i  nt 
print 
pr  i  nt 
pr  i  nt 
pr  i  nt 
print 
pr  i  nt 
pr  i  nt 

print 
print 


\n"); 

\t\t\tp 

\t\t\t- 

1 

' name' 
2 

choroc 
3 
A 

width 
5 

to  the 
6 
7 


rintrmenu  options\n"); 

\n"); 


)   -uname  =  specify  a  different  DBA  called 
An"); 

)   -cN  =  set  the  minimum  field  width  for  p 
ter\n\t\t\tdomai ns  to  N.\n"); 

)  -MN  =  set  integer  output  field  width  to  N.\ 
)  -flxM.N  =  set  floating  point  output  field"); 
to  M  characters\n\t\t\twi th  N  decimal  places. \n 
)  -vX  =  set  the  column  separator  for  retrieves 
terminal  and\n\t\t\tpr i nt  commands  to  be  X.\n" 
)  +/-w  =  wait/do  not  wait  for  the  datobose.\n" 
)   EXIT  ■  exit  from  this  option  sess i on.\n") ; 


r int  i  ng") ; 
n"); 

); 

"): 

): 

); 


\nPlease  enter  the  numbers  of  the  options  desired. 
You  must  finish\nwith  7  for  EXIT  or  "q'  for  QUIT: 


"); 
"); 


Jun  13  13:27  1987   purgecall.c  Page  1 

§ i  nc I ude  "def  i  nes . h" 

extern  char  opt i on[COMMANDLENGTH] ; 
extern  chor  expurge[COMMANDLENGTH] ; 
extern  char  database[DBLENGTH] ; 

* 

*  PURGECALL    • 

» 

*  Function:   This  routine  is  used  to  formulate  the  command 

*  purge. 
• 

*  Input:   None. 

*  Output:   A  screen  of  options. 

*  Returns:   The  options  to  be  executed. 

* 

purgecal I () 

I 

char  optbuf[l00][3]; 
int  j ,  i .  o,  di  f f er ; 

spr  i  ntf  (opt  i  on,  "55s"  ,  "  "); 
#i  f def  DEBUG 

pr i nt f ("expurge  =  55s\n"  ,  expurge)  ; 

pr  i  nt  f  ("opt  ion  =  55s\n"  ,opt  ion)  ; 

pr i nt f( "purge  database  =  55s\n"  ,  database)  ; 
#endi  f 

purgemenu() ; 

for  ( i=0;  ; i++) 

\ 

scanf("55s",  optbuf[i]); 
getchar() ; 

/•  If  the  user's  response  is  'questionable',  show  the  menu  again  •/ 
if  ((•optbuffil  =  "?')  ||  («optbuf[i]  —  '\n')) 

\ 

purgemenu() ; 
cont  i  nue; 

/•  If  the  user's  response  is  an  exit,  get  out  of  here  »/ 
if  ((»optbuf[i]  =»  '6')  ||  (»optbuf[i]  =  'q')) 

I 

#ifdef  DEBUG 

pr i nt f (" i ns i de  the  purgex  port  and  i  =  55d!\n",i); 
#end if 

for  (j=0;  j<=i ;  j++) 
\ 

if  (purgecheck(optbuf[j])  =  DONE) 
I 
fifdef  DEBUG1 

printf("Got  to  just  after  purcheck  and  returni ng\n") ; 
fendi  f 

break ; 
i 
I 

sprintf(expurge,  "?5s55s   55s  ","  purge", opt  i  on, data  base); 
fifdef    DEBUG 

pr i nt f ("expurge    before   exec   =  55s\n" , expurge) ; 
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#endi  f 

pr  i  nt  f  ("\nJts\n"  .expurge); 

if  (system(expurge)  =  FAILURE) 

i 

syser r( 101 ) ; 

\ 

return(SUCCESS); 

/•  If  the  user's  response  is  a  number,  convert  it  and  process  it  */ 
if  ((•optbuf[i]  >=  *1*)  kit    (»optbuf[i]  <»  '6')) 

I 

fifdef  DEBUG 

printf("1-9  optbuf  [%d]  =  Xc   and  a  =  5!d\n",  i ,opt buf [ i ] [0] ,  a); 
lend  if 

cont  i  nue; 

pr i ntf ("\nOpt i on  %s  is  not  a  legitimate  opt ion.\n" .opt buf [ i ]) ; 
$ 

\ 
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§ i  nc I ude  "def  i  nes . h" 

extern  char  opt i on[COMMANDLENGTH] ; 

•  • 

•  PURGECHECK    • 

•  * 

* 

•  Function:   This  routine  is  used  to  check  ond  prompt  the  user  for 

•  more  information  based  on  which  options  the  user  has 

•  requested  for  the  purge  command. 
* 

•  Input:   None. 
• 

•  Output:   A  list  of  options. 
* 

•  Returns:   The  options  to  be  executed. 

* 

purgecheck(pick) 
char  pick[3]; 

! 

char  buf[5]; 
i  nt  a ,  m; 

a  =  ato  i (pi  ck) ; 

#ifdef  DEBUG 

printf("a  =  55d  and  pick  =  55s\n"  ,a  ,  pick)  ; 
#endi  f 

swi  tch(a) 

I 
case  1 : 

sprintf(option,  "55s  55s"  ,  opt  ion,  "— f  ")  ; 
fifdef  DEBUG 

printf("in  case  1\n"); 
pr i nt f ("opt  ion  =  55s\n"  ,opt  ion) ; 
#endi  f 

break; 

case  2: 

sprintf(option,  "55s  55s"  , opt  i  on,  "— p")  ; 
#ifdef  DEBUG 

printf("in  case  2\n"); 

pr  i  nt  f  ("opt  i  on  =  55s\n"  .opt  ion) ; 
#end  i f 

break; 

cose  3: 

spr  i  nt  f  (opt  ion,  "55s  55s"  , opt  ion,  "-a")  ; 
fifdef  DEBUG 

printf("in  case  3\n"); 

pr  i  nt  f  ("opt  ion  =  55s\n"  ,  opt  i  on)  ; 
#endi  f 

break; 

case  4: 

sprintf(option,  "55s  55s"  ,  opt  i  on,  "-s")  ; 
fifdef  DEBUG 

pr  i  nt  f  ("opt  ion  =  55s\n"  ,opt  ion)  ; 

printf("in  case  4\n"); 
#endi  f 

break; 
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case  5: 

whi le(TRUE) 
i 

printf("Wait  (+)  or  Do  Not  Wait  (-)  for  the  Data  Base?   "); 
gets(buf ) ; 

if  ((buf[0]  =  '+•)  ||  (buf[0]  =  '-•)) 
break; 

I 

sprh~t  f  (opt  i  on  ,  "J5s  T.s%s"  , opt  ion,  buf  ,  "w")  ; 
fifdef  DEBUG 

pr  i  nt  f  ("opt  ion  =  JJs\n"  .opt  ion)  ; 

printf("in   case   5\n"); 
#endif 

break; 

case   6: 
fjlifdef   DEBUG 

printf("in  case  6\n"); 
#endif 

return(DONE); 

break; 

default: 
break; 

{ 

for  (m=0;  m<5;  m++) 
buf[m]  =  0; 


return  (CONTINUE); 
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* 

«     PURGEMENU 

* 

• 

•  Function:   This  routine  is  used  to  print  the  options  of  the  UNIX 

•  command  purge  to  the  user. 
* 

•  Input:   None. 
* 

•  Output:   A  screen  of  options. 
* 

•  Returns:   The  options  to  be  executed. 

:/ 

purgemenu() 

I 


pr  i  nt 
pr  i  nt 
pr  i  nt 
pr  i  nt 
print 
pr  i  nt 
print 
pr  i  nt 
pr  i  nt 
print 
pr  i  nt 
pr  i  nt 
pr  i  nt 
print 


\n\n\n"): 

'\t\t\tpurge  options\n"); 

•\t\t\t \n\n"); 


1)  -p  =  expired  user  relations  are  de I eted .\n") ; 

2)  -f  =  causes  unrecognizable  files  to  be"); 
'  deleted\n"); 

'      3)   — a  =  causes  messages  to  be  printed  about"); 

'  the  pending  operat i on\n\t\tand  execute  it  only"); 

1  if  the  response  is  a  'y'.\n"); 

'      4)   -s  =  INGRES  superuser  must  use  this  to  execute"); 

'  purge. \n"); 

'      5)  +/-w  =  wait/do  not  wait  for  the  dc 

'      6)   EXIT  =  exit  from  this  option  sessi 

'\nPlease  enter  the  number  of  the  option  desi 


database 
;  i  on .\n" 
;  i  red:  " 


An"); 

); 
): 
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#  i  nc I ude    "def  i  nes . h" 

extern  char  opt i on [COMMAND LENGTH ] ; 
extern  char  exrestore[COMMANDLENGTH] ; 
extern  char  databasefDBLENGTH] ; 


•  * 

•  RESTCALL     • 

•  * 

• 

•  Function:   This  routine  is  used  to  formulate  the  command 
»  restore. 

* 

•  Input:   None. 

•  Output:   A  screen  of  options. 
* 

•  Returns:   The  options  to  be  executed. 

•/ 

restcal I () 

I 

char  optbuf [100][3]; 
int  j,  i,  a,  differ; 

spr i nt f (opt  ion, "J5s", "    "); 
#  i  f def  DEBUG 

pr  i  ntf  ("ex  restore  =  55s\n"  ,  exrestore)  ; 

pr i nt f ("opt i on  =  ?Cs\n" ,opt i on) ; 

pr i ntf (" rest  ore  database  =  %s\n" . database) ; 
#endif 

restmenu() ; 

for  ( i=0;  ; i++) 

sconf("J5s",  optbuffi]); 
getcharQ ; 

/•  If  the  user's  response  is  'questionable',  show  the  menu  again  •/ 
if  ((»optbuf[i]  =-  '?')  ||  (»optbuf[i]  =  "\n')) 

I 

restmenuQ  ; 
cont  i  nue; 

i 

/•  If  the  user's  response  is  an  exit,  get  out  of  here  •/ 
if  ((*optbuf[i]  =  '6')  ||  (.optbuffi]  =  'q')) 

\ 

fifdef  DEBUG 

pr i nt f (" i nside  the  restorex  port  and  i  =  55d!\n",i); 
#endif 

for  (j=0;  j<»i ;  j++) 

if  (restcheck(optbuf [j])  =  DONE) 

I 

#i  fdef  DEBUG1 

printf("Got  to  just  after  restcheck  and  ret  urn i ng\n") ; 
#endif 

break; 
\ 
I 

sprintf(exrestore,"J5s%s  55s","  restore  ".option, data  base); 
#i  f def    DEBUG 

pr i nt f ("exrestore    before    exec  =  55s\n" , exrestore) ; 
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#endi  f 

pr  i  nt  f  (  "\n55s\n"  .exrestore)  ; 

if  (system(exrestore)  =  FAILURE) 

I 

syser r( 101 ) ; 

J 

return(SUCCESS); 

i 

/•  If  the  user's  response  is  a  number,  convert  it  ond  process  it  */ 
if  ((»optbuf[i]  >-  '1')  it  (»optbuf[i]  <-  '*>')) 
\ 
#ifdef  DEBUG 

printf("1-9   optbuf    [55d]   =  55c   ond   o  =  2d\n",    i .optbuf [ i ][0] ,    o); 
fendif 

cont  i  nue ; 

pr i nt f ("\nOpt ion  ?Js  is  not  a  legitimate  opt  ion. \n", optbuf [ i ]) ; 

i 


Jun  13  13:33  1987   restcheck.c  Page  1 

^include  "defines. h" 

extern  char  opt i on[COMMANDLENGTH] ; 

•     RESTCHECK    • 


•  Function:   This  routine  is  used  to  check  and  prompt  the  user  for 

•  more  information  bosed  on  which  options  the  user  has 

•  requested  for  the  restore  command. 
• 

•  Input:   None. 

•  Output:   A  list  of  options. 

»  Returns:   The  options  to  be  executed. 

• 

•/ 

rest check(p  i  ck) 
char  pick[3]; 

char  buf[5]; 
i  nt  a,  m; 

a  =  atoi (pi  ck) ; 

#ifdef  DEBUG 

printf("a  =  55d   and   pick  =  J5s\n"  ,  a  ,  pick)  ; 
#endif 

swi  tch(a) 

{ 
case   1  : 

spr  i  nt  f  (opt  i  on,  "55s  55s"  ,  opt  i  on  ,  "-p") ; 
#ifdef  DEBUG 

printf("in  case  1\n"); 
pr  i  nt  f  ("opt  i  on  =  55s\n"  ,opt  ion)  ; 
#endif 

break; 

case  2: 

sprintf(option,  "55s  55s"  ,  opt  ion,  "—f")  ; 
#ifdef  DEBUG 

printf("in  case  2\n"); 

pr  i  nt  f  (  "opt  i  on  =  55s\n"  ,  opt  i  on)  ; 
jjtendif 

break; 

case   3: 

spr  i  nt  f  (opt  i  on,  "55s  55s"  , opt  i  on,  "-a")  ; 
#ifdef  DEBUG 

printf("in  case  3\n"); 

pr  i  nt  f  ("opt  i  on  =  55s\n"  ,opt  i  on)  ; 
#endif 

break; 

case  4: 

sprintf(opt  ion,  "55s  55s"  .opt  ion  ,  "-s")  ; 
#ifdef  DEBUG 

pr  i  nt  f  ("opt  i  on  =  55s\n"  ,opt  ion)  ; 

printf("in   case   4\n"); 
#endi  f 

break; 
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case  5: 

whi  le(TRUE) 

i 

printf("Wait  (+)  or  Do  Not  Wait  (-)  for  the  Data  Base?   "); 
gets(buf); 

if  ((buf[0]  =  '+')  ||  (buf[6]  =  •-•)) 
break; 

i 

sprintf(opt  ion, "%s  %s?Cs"  .opt  i  on  ,  buf  ,  "w")  ; 
jjfifdef    DEBUG 

pr i nt f ("opt  ion  =  %s\n" , opt i on) ; 

printf("in  case  5\n"); 
#endi  f 

break; 

case  6: 
fifdef  DEBUG 

printf("in  case  6\n"); 
#endi  f 

return(DONE); 

break; 

def au I t : 
break; 

\ 

for  (m=0;  m<5;  m++) 
buffm]  =  0; 

return  (CONTINUE); 
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•  • 

•  RESTMENU      * 

* 

•  Function:   This  routine  is  used  to  print  the  options  of  the  UNIX 

•  command  restore  to  the  user. 
* 

•  Input:   None. 
» 

•  Output:   A  screen  of  options. 

•  Returns:   The  options  to  be  executed. 

* 

•/ 

restmenuQ 

i 


pr 

ntf  ( 

pr 

ntf  ( 

pr 

ntf( 

pr 

ntf  ( 

pr 

ntf( 

pr 

ntf  ( 

pr 

ntf  ( 

pr 

ntf  ( 

pr 

ntf  ( 

pr 

ntf  ( 

Pr 

ntf  ( 

pr 

ntf  ( 

pr 

ntf  ( 

pr 

ntf( 

pr 

ntf( 

Pr 

ntf( 

"\n\n\n"); 

"\t\t\t restore  options\n"); 

"\t\t\t \n\n"); 

1)  — p  =  if  restore  completes  with  no  errors,"); 

"  purge  is  ca I  I ed\n\t\tand  expired  user  relations  are  de I eted .\n") ; 

2)  -f  =  if  restore  completes  with  no  errors,"); 

"  purge  is  called  ond\n\t\t unrecogni zabl e  files  will  be"); 

"  deleted. \n"); 

"      3)   -a  =  causes  messages  to  be  printed  about"); 

"  the  pending  operat i on\n\t\tand  execute  it  only"); 

"  if  the  response  is  a  'y'.\n"); 

"      4)   -s  =  INGRES  superuser  must  use  this  to  execute"); 

"  restore .\n") ; 

"      5)  +/-w  =  wait/do  not  wait  for  the  database .\n") ; 

"      6)   EXIT  =  exit  from  this  option  sess i on.\n") ; 

"\nPleose  enter  the  number  of  the  option  desired:  "); 
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| i  nc I ude  "def  i  nes. h" 
# include  <sys/s i gna I . h> 

extern  char  opt i on[COMMANDLENGTH] ; 

extern  char  opt i on1 [COMMAND LENGTH] ; 

extern  char  exsysmod [COMMANDLENGTH] ; 

extern  char  database[DBLENGTH] ; 


•  • 
«      SYSCALL     • 

•  » 

* 

•  Function:   This  routine  is  used  to  formulate  the  command 

•  sysmod. 
• 

•  Input:   None. 

•  Output:   A  screen  of  options. 

»  Returns:   The  options  to  be  executed. 

* 

•/ 

sysca I  I () 
i 

char  optbuf[100][3]; 
i  nt  j ,  i ,  a,  di  f f er ; 
i  nt  done  =  0; 

spr i nt f (opt i on, "%a" , "    "); 

spr  intf  (opt  ionl  ,  "J5s"  ,  "  "); 
#i  fdef  DEBUG2 

pr i nt f ("exsysmod  =  ?5s\n" , exsysmod) ; 

pr  i  nt  f  ("opt  i  on  =  /5s\n"  ,opt  i  on)  ; 

pr i nt f ("opt i on1  =  %s\n" ,opt ionl ) ; 

pr i nt f ("sysmod  database  =  %s\n" .database) ; 
#endif 

sysmenuQ  ; 

for  (i=0;  done  !=  DONE  ; i++) 

sconf("55s",  optbuf[i]); 
getchor() ; 

/•  If  the  user's  response  is  'questionable',  show  the  menu  again  •/ 
if  ((»optbuf[i]  =  •?')  ||  (.optbuf[i]  =  '\n')) 

sysmenuQ  ; 
cont  i  nue; 

! 

/»  If  the  user's  response  is  an  exit,  get  out  of  here  »/ 
if  ((»optbuf[i]  =  '3')  ||  («optbuf[i]  =  'q')) 
\ 

for  (j=0;  j<=i;  j++) 

if  (syscheck(optbuf [j])  =  DONE) 

done  =  DONE; 
break ; 
I 
\ 
I 

/•  If  the  user's  response  is  a  number,  convert  it  and  process  it  •/ 
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if  ((.optbuf [i]  >=  '1')  44  (•optbuf[i]  <=  '3')) 

cont  i  nue ; 
pr i nt f ("\nOpt i on  55s  is  not  a  legitimate  opt  ion. \n" .optbuf [ i ])  ; 

* 

sysrel(); 
done  =  0; 

for  (i=0;  done  !=  DONE  ; i++) 

\ 

scanf("JJs",  optbuf[i]); 

/•  If  the  user's  response  is  'questionable',  show  the  menu  again  •/ 
if  ((»optbuf[i]  —  '?")  ||  (»optbuf[i]  =  '\n')) 
I 

sysrel () ; 

cont  inue; 

I 

/«  If  the  user's  response  is  an  exit,  get  out  of  here  •/ 
if  ((»optbuf[i]  =  '7')  ||  (»optbuf[i]  =  'q')) 

for  (j=0;  j<=i;  j++) 

if  (sysrelcheck(optbuf [j])  =  DONE) 

done  =  DONE; 
break; 
i 
\ 

/»  If  the  user's  response  is  a  number,  convert  it  and  process  it  •/ 
if  ((»optbuf[i]  >=  '1')  44  (»optbuf[ij  <=  '7')) 

cont  i  nue; 
pr i nt f ("\nOpt i on  %s  is  not  a  legitimate  opt ion.\n" , opt buf [ i ]) ; 

spr int  f (exsysmod , "%sJ5s  %s  %s" , "sysmod" , opt  i  on , database , opt i  on1 ) ; 
#ifdef  DEBUG2 

pr i ntf ("exsysmod  before  exec  =  %s\n" , exsysmod) ; 
#endif 

pr  i  nt  f  ("\nJ5s\n"  ,  exsysmod) ; 

getchar() ; 

if  (system(exsysmod)  —  FAILURE) 

syser r( 101 ) ; 
return(SUCCESS); 
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finclude  "defines. h" 

extern  char  opt i on [COMMAND LENGTH] ; 


/' 


**•*•*•*•*•*•••••• 


SYSCHECK 


*****•**•••**••**•» 


•  Function:   This  routine  is  used  to  check  and  prompt  the  user  for 

•  more  information  based  on  which  options  the  user  has 

•  requested  for  the  sysmod  command. 


•  Input:   None. 

•  Output:   A  list  of  options. 

•  Returns:   The  options  to  be  executed. 

•/ 

syscheck(pick) 
chor  pick[3]; 

chor  buf[5]; 
i  nt  a,  m; 

a  »  atoi (pick) ; 

swi  tch(o) 

I 

case  1 : 

sprintf(option,  "55s  J5s"  ,  opt  ion,  "-s")  ; 
break; 


case  2: 

whi le(TRUE) 
I 

printf("Wait  (+)  or  Do  Not  Wait  (-)  for  the  Data  Base?   "); 
get s(buf ) ; 

if  ((buf[0]  =  •+')  ||  (buf[0]  =  •-•)) 
break; 

I 

sprintf(option,  "T.s   %s%s"  ,  opt  i  on  ,  buf  ,  "w") ; 

break; 

case  3: 

return(DONE) ; 
break; 

default: 

break; 
i 

for  (m=0;  m<5;  m++) 
buf[m]  =  0; 

return  (CONTINUE); 
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/*************•****** 

•  • 
.      SYSMENU       * 

•  * 
******************** 
• 

•  Function:   This  routine  is  used  to  print  the  options  of  the  UNIX 

•  command  sysmod  to  the  user. 
* 

•  Input:   None. 
* 

•  Output:   A  screen  of  options. 
* 

•  Returns:   The  options  to  be  executed. 
* 

sysmenu() 

I 

pr  i  nt f ("\n\n\n")  ; 

pr  i  nt f ("\t\t\t sysmod  opt  ions\n") ; 

printf  ("\t\t\t \n\n"); 

printf("       1)   -s  ■  INGRES  superuser  must  use  this  to  execute"); 

printf("  restore. \n") ; 

printf("      2)  +/-w  =  wait/do  not  wait  for  the  database. \n") ; 

printf("      3)   EXIT  =  exit  from  this  option  sess ion.\n") ; 

pr i nt f ("\nPI ease  enter  the  number  of  the  option  desired:  "); 
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•••«•««»•»■»*•»■•*■ 


SYSREL 


*«*••»**••••«•■••». 


•  Function:   This  routine  is  used  to  print  the  relations  on  which 

•  the  sysmod  commond  can  be  run. 
• 

•  Input:   None. 
* 

•  Output:   A  screen  of  options. 

•  Returns:   The  options  to  be  executed. 

•/ 

sysre I () 

I 


ntf ("\n\n\n"); 

nt  f ("\t\t\t sysmod  relet  i  ons\n") ; 


ntf ("\t\t\t- 

ntf("\t 
ntf("\t 
ntf("\t 
ntf("\t 
ntf("\t 
ntf("\t 
ntf("\t 


ij 

3) 
4) 

5) 
6) 
7) 


-\n\n"); 


re  lot  ion\n") ; 

at  t  r  i  bute\n") ; 

i  ndexes\n") ; 

tree\n"); 

protect\n")  ; 

i  ntegr  i  t  ies\n") ; 

EXIT  =  exit  from  this  option  sess i on.\n") ; 


nt f ("\n\nP I  ease  enter  the  number  of  the  relation  desired:  "); 
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§  i  nc  I  tide    "def  i  nes  .  h" 

extern  char  opt ionl [COMMANDLENGTH] ; 

•  • 

•  SYSRELCHECK    » 

a******************* 
* 

•  Function:   This  routine  is  used  to  check  and  prompt  the  user  for 

•  the  relations  to  be  modified  using  the  sysmod  command. 
« 

•  Input:   None. 
* 

•  Output:   A  list  of  options. 
* 

•  Returns:   The  options  to  be  executed. 

•/ 

sysrelcheck(pick) 
char  pick[3]; 

int  a,  m; 

a  =  oto  i (pick) ; 

swi  tch(a) 
{ 
case  1 : 

spr  intf  (opt  ionl  ,  "55s  55s"  .  opt  i  on1  ,  "  re  I  at  i  on")  ; 

break; 

case  2: 

spr  intf  (opt  i  on  1  ,  "55s  55s"  ,  opt  ion  1  ,  "ot  t  r  i  bute")  ; 
break; 

case  3: 

sprintf(option1  ,  "55s  55s"  ,  opt  ion  1  ,  "  i  ndexes")  ; 
break; 

case  4: 

spr  intf  (opt  i  on  1  .  "55s  55s"  ,  opt  ionl  ,  "t  ree")  ; 
break; 

case  5: 

sprintf(option1.  "55s  55s"  ,  opt  ion  1  ,  "protect")  ; 
break; 

case  6: 

sprintf(option1,  "55s  55s"  ,  opt  ionl  ,  "  i  ntegr  i  t  ies")  ; 
break; 

case  7: 

return(DONE); 
break; 

default: 
break; 
} 

return  (CONTINUE); 
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»••••*•*«**••••*• 


UN LOCKBOX 


>•*•*«•••*•*••****• 


«  Function:   This  routine  will  handle  the  concurrency  problem  of 

•  two  users  wanting  to  occess  the  same  encrypted  relation 

•  at  the  same  time.   After  reading,  checking  and 

•  modifying  a  .crypt  file's  busy  bit,  run  "unlockbox". 
«  This  follows  the  use  of  "lockbox"  before  doing  the 

•  reading,  checking  and  writing. 


put :   None . 
tput:   None, 
turns:   None. 


unlockboxQ 

\ 

unl ink("/usr/ingres/lock.box") ; 
return(  0  ) ; 
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Abstract 


Computer  security  has  become  an  increasingly  important 
subject  in  today's  society  where  the  use  of  computers  has 
been  incorporated  either  directly  or  indirectly  in  all 
phases  of  everyday  life.  This  paper  will  address  current 
computer  security  breaches  as  well  as  methods  used  to 
enhance  computer  security.  The  INGRES  (Interactive  Graphics 
and  Retrieval  System)  Data  Base  Management  System  (DBMS) 
operating  under  the  UNIX*  operating  system  will  be  the 
target  for  security  enhancements  to  be  discussed  in  detail 
in  this  paper  and  one  to  be  implemented  at  Kansas  State 
University.  The  design  for  the  implementation  using  INGRES 
and  UNIX  discusses  in  detail  the  relevant  design  features  of 
INGRES  and  UNIX  and  the  relationship  that  exists  between 
them.  The  focus  of  the  design  is  current  security  measures, 
strengths  and  weaknesses  of  the  combined  systems  and 
included  is  an  example  of  current  usage. 


*  UNIX  is  a  trademark  of  Bell  Laboratories 


